Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Respawning, Multiple Infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Respawning, Multiple Infection

Unread postby antijkc » January 6th, 2014, 1:00 am

Hi,

My mother installed a downloaded file she shouldn't have and her Windows 7 computer is now having pop-up ads, amongst numerous signs of infection (Spybot getting de-activated, homepages changed on all installed browsers, being unable to remove websteroids plugin that got installed, and numerous pieces of malware identified by various online and MBAM scans that seem to consistently be unresolved).

Amongst these named infections found by numerous scans are PUP.Optional.InternetUpdater.A, Adware.Agent.NVF, Bundled.Toolbar.Ask, Trojan.Agent, and WiseConvert.

Thanks for your help in advance and here are my logs (first DDS then attach):

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Sharon at 23:51:37 on 2014-01-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.3823.2349 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\lxbfcoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [cdloader] "C:\Users\Sharon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Total Defense PC Tuneup Reminder] C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe
mRun: [bdruninstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AD2AA287-FDD7-4D69-AF62-80D5F4710BA7} : DHCPNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1cohlypi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1cohlypi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 238080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 lxbf_device;lxbf_device;C:\Windows\System32\lxbfcoms.exe -service --> C:\Windows\System32\lxbfcoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-12-30 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-12-30 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-29 19456]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-28 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-28 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-28 168384]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-01-05 18:15:04 -------- d-----w- C:\Users\Sharon\AppData\Roaming\Malwarebytes
2014-01-05 15:50:27 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-05 15:45:46 -------- d-----w- C:\Users\Sharon\AppData\Local\MFAData
2014-01-05 15:45:45 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2014-01-05 15:45:20 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2014-01-05 15:44:20 -------- d-----w- C:\Users\Sharon\AppData\Roaming\QuickScan
2014-01-04 21:22:34 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-04 21:22:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-04 21:22:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 19:02:11 -------- d-----w- C:\ProgramData\Websteroids
2014-01-04 18:15:16 -------- d-----w- C:\SUPERDelete
2014-01-04 18:12:55 -------- d-----w- C:\Users\Sharon\AppData\Roaming\SUPERAntiSpyware.com
2014-01-04 16:55:02 -------- d-----w- C:\ProgramData\Updater
2014-01-04 16:55:02 -------- d-----w- C:\ProgramData\RHelpers
2014-01-04 16:54:54 -------- d-----w- C:\Program Files (x86)\WiseConvert
2013-12-30 02:46:44 -------- d-----w- C:\Windows\Migration
2013-12-30 02:36:33 -------- d-----w- C:\Users\Sharon\AppData\Local\fontconfig
2013-12-30 02:36:31 -------- d-----w- C:\Users\Sharon\AppData\Local\gegl-0.2
2013-12-30 02:36:31 -------- d-----w- C:\Users\Sharon\.gimp-2.8
2013-12-30 02:34:20 -------- d-----w- C:\Users\Sharon\AppData\Local\Programs
2013-12-12 08:02:45 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:02:45 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:02:45 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:02:44 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 09:42:55 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 00:03:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:03:00 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2013-12-11 00:02:34 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-25 06:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-23 06:05:08 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-10-20 09:04:27 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-20 09:03:24 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 23:52:09.12 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28/12/2012 1:23:57 PM
System Uptime: 05/01/2014 11:36:49 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3029h
Processor: AMD Athlon(tm) Dual Core Processor 5000B | XU1 PROCESSOR | 2600/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 695 GiB total, 637.419 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&38EEAF84&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&38EEAF84&0
Service: i8042prt
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38EEAF84&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38EEAF84&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP94: 23/12/2013 12:37:15 AM - Scheduled Checkpoint
RP95: 29/12/2013 10:34:03 AM - PC Pitstop Restore Point
RP96: 29/12/2013 9:45:03 PM - Windows Update
RP97: 05/01/2014 10:28:06 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AVG 2013
Bullzip PDF Printer 9.3.0.1516
Coby Media Manager
Coupon Printer for Windows
ESET Online Scanner v3
FreeRIP 3.92
GIMP 2.8.10
Google Chrome
Google Update Helper
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
Java 7 Update 45
Java 7 Update 45 (64-bit)
Lexmark X6100 Series
LibreOffice 3.6
magicJack
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Corporation
Microsoft LifeCam
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 7.6.1
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.1.0 (x86 en-US)
PC Pitstop Download Nitro 1.5.0.0
PhotoScape
Print Workshop 2008 LE
Renesas Electronics USB 3.0 Host Controller Driver
Skype™ 6.11
SoundMAX
Spybot - Search & Destroy
SUPERAntiSpyware
The Kakuro Code
Updater
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (07/03/2012 8.970.100.3000)
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
30/12/2013 4:35:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/01/2014 11:37:49 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
05/01/2014 11:37:49 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
05/01/2014 11:35:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
05/01/2014 10:48:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
05/01/2014 10:48:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
05/01/2014 10:48:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
05/01/2014 10:47:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/01/2014 10:47:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
05/01/2014 10:31:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache SASDIFSV SASKUTIL spldr Wanarpv6
05/01/2014 10:31:48 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2014 10:30:55 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
04/01/2014 12:12:27 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Maisonville\Guest SID (S-1-5-21-3310497078-3473027591-919061896-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
04/01/2014 1:53:38 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DEREK-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD2AA287-FDD7-4D69-AF62-80D5F4710BA7}. The master browser is stopping or an election is being forced.
01/01/2014 12:11:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
antijkc
Active Member
 
Posts: 9
Joined: January 6th, 2014, 12:46 am
Advertisement
Register to Remove

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 6th, 2014, 1:31 am

Hello antijkc,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 6th, 2014, 2:11 am

Hello antijkc,

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Coupon Printer for Windows
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Updater
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Files
    C:\ProgramData\Websteroids
    C:\ProgramData\Updater
    C:\ProgramData\RHelpers
    C:\Program Files (x86)\WiseConvert
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 4.
You should still have OTL.exe on your desktop.
OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of a OTL.txt log file
  4. Contents of a Extras.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Respawning, Multiple Infection

Unread postby antijkc » January 6th, 2014, 11:49 am

Hi and thank you!

A: No problems whatsoever, though I am curious if I no longer need Spybot and SUPERAntiSpyware and perhaps what protection I can offer my elderly and not very computer savvy parents?

B: All processes killed
========== FILES ==========
C:\ProgramData\Websteroids folder moved successfully.
File\Folder C:\ProgramData\Updater not found.
File\Folder C:\ProgramData\RHelpers not found.
C:\Program Files (x86)\WiseConvert folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 4004600 bytes
->Temporary Internet Files folder emptied: 6002174 bytes
->FireFox cache emptied: 7855403 bytes
->Flash cache emptied: 8099 bytes

User: Jim
->Temp folder emptied: 80733208 bytes
->Temporary Internet Files folder emptied: 57605666 bytes
->Java cache emptied: 98500 bytes
->FireFox cache emptied: 5712290 bytes
->Flash cache emptied: 10468 bytes

User: Public

User: Sharon
->Temp folder emptied: 10411387 bytes
->Temporary Internet Files folder emptied: 59223965 bytes
->FireFox cache emptied: 42310843 bytes
->Google Chrome cache emptied: 7184982 bytes
->Flash cache emptied: 14695 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 438816 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18328885 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328155 bytes
RecycleBin emptied: 8936307 bytes

Total Files Cleaned = 335.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: Public

User: Sharon
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: Jim
->Java cache emptied: 0 bytes

User: Public

User: Sharon

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062014_102926

Files\Folders moved on Reboot...
C:\Users\Sharon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Sharon\AppData\Local\Temp\SAS89F4.tmp not found!
C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C: OTL logfile created on: 1/6/2014 10:35:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sharon\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.73 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 66.17% Memory free
7.47 Gb Paging File | 6.23 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 694.88 Gb Total Space | 638.58 Gb Free Space | 91.90% Space Free | Partition Type: NTFS

Computer Name: MAISONVILLE | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/06 10:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
PRC - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/02/19 03:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/08 19:05:25 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 15:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007/04/24 19:24:34 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbfcoms.exe -- (lxbf_device)
SRV - [2013/12/21 14:00:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 19:03:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbfcoms.exe -- (lxbf_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/08 19:05:25 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/09/08 19:05:25 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/08 19:05:25 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/20 15:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 52 C7 2A 81 6C CE 01 [binary data]
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes,DefaultScope = {C0274B70-BAFB-4AF9-876E-C6227A8079E1}
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... BF6B318&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes\{C0274B70-BAFB-4AF9-876E-C6227A8079E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/06 10:22:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/06 10:22:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/06 10:22:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/06 10:22:33 | 000,000,000 | ---D | M]

[2012/12/28 16:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions
[2014/01/05 23:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1cohlypi.default\extensions
[2014/01/05 23:39:53 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1cohlypi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/12/21 13:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/21 14:00:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bdruninstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Total Defense PC Tuneup Reminder] C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe (PC Pitstop LLC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3310497078-3473027591-919061896-1003..\Run: [cdloader] C:\Users\Sharon\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 3.6.lnk = C:\Program Files (x86)\LibreOffice 3.6\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2AA287-FDD7-4D69-AF62-80D5F4710BA7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36665ea6-70ff-11e3-9103-0024218592bd}\Shell - "" = AutoRun
O33 - MountPoints2\{36665ea6-70ff-11e3-9103-0024218592bd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/06 10:29:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/06 10:26:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2014/01/05 23:51:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Sharon\Desktop\dds.com
[2014/01/05 13:15:04 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Malwarebytes
[2014/01/05 10:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/05 10:45:46 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\MFAData
[2014/01/05 10:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014/01/05 10:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/01/05 10:44:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\QuickScan
[2014/01/04 16:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/04 16:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/04 16:22:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/04 16:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/04 13:15:16 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2013/12/29 21:46:44 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/29 21:44:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/12/29 21:36:33 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\fontconfig
[2013/12/29 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\gegl-0.2
[2013/12/29 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\Sharon\.gimp-2.8
[2013/12/29 21:34:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Programs
[2013/12/21 13:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/12 03:02:45 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 03:02:44 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 03:02:44 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 03:02:42 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 03:01:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 03:01:23 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:01:23 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:01:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 03:01:23 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:01:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 03:01:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 03:01:22 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 03:01:22 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 03:01:22 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 03:01:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 03:01:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 03:01:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 03:01:20 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:01:19 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:01:17 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 04:42:55 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 04:42:55 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 04:42:54 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 04:42:54 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 04:42:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 04:42:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 04:42:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 04:42:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 04:42:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 04:42:48 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 04:42:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 04:42:48 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 04:42:48 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/10 19:03:00 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 19:03:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 09:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2014/01/06 10:38:02 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 10:38:02 | 000,126,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 10:38:01 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 10:32:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 10:32:19 | 3006,787,584 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/06 10:31:25 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 10:31:25 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 10:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2014/01/06 09:47:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/05 23:51:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\dds.com
[2014/01/04 16:22:34 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/02 11:58:13 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2013/12/29 21:48:22 | 000,762,832 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/29 21:39:51 | 052,710,169 | ---- | M] () -- C:\Users\Sharon\Desktop\vinylcafe_20131228_20570.mp3
[2013/12/20 14:16:06 | 000,139,956 | ---- | M] () -- C:\Users\Sharon\Desktop\girls.jpeg
[2013/12/20 14:06:35 | 000,144,192 | ---- | M] () -- C:\Users\Sharon\Desktop\cecil.jpeg
[2013/12/19 22:24:35 | 000,128,280 | ---- | M] () -- C:\Users\Sharon\Desktop\s & s.jpeg
[2013/12/15 21:17:15 | 000,038,805 | R--- | M] () -- C:\Users\Sharon\Desktop\ATT00054-1.jpg
[2013/12/12 03:19:52 | 000,707,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 19:03:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 19:03:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 19:02:34 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/10 12:39:45 | 000,435,543 | ---- | M] () -- C:\Users\Sharon\Documents\Gift Certificate Nov11.wpd
[2013/12/10 10:45:02 | 000,009,663 | ---- | M] () -- C:\Users\Sharon\Documents\certificate records.wpd
[2013/12/10 00:59:25 | 000,002,780 | ---- | M] () -- C:\Users\Sharon\Documents\sign2 for gift certs.wpd

========== Files Created - No Company Name ==========

[2014/01/04 16:22:34 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 21:48:22 | 000,762,832 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/29 21:39:14 | 052,710,169 | ---- | C] () -- C:\Users\Sharon\Desktop\vinylcafe_20131228_20570.mp3
[2013/12/20 14:16:25 | 000,139,956 | ---- | C] () -- C:\Users\Sharon\Desktop\girls.jpeg
[2013/12/20 14:06:58 | 000,144,192 | ---- | C] () -- C:\Users\Sharon\Desktop\cecil.jpeg
[2013/12/19 22:25:15 | 000,128,280 | ---- | C] () -- C:\Users\Sharon\Desktop\s & s.jpeg
[2013/12/15 21:17:17 | 000,038,805 | R--- | C] () -- C:\Users\Sharon\Desktop\ATT00054-1.jpg
[2013/12/10 19:03:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/07 22:01:00 | 000,061,678 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\PFP110JPR.{PB
[2013/02/07 22:01:00 | 000,012,358 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\PFP110JCM.{PB
[2013/01/14 22:30:23 | 000,028,341 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Tab Separated Values (Windows).ADR
[2013/01/13 11:46:18 | 000,028,516 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/01/11 15:14:01 | 000,000,071 | ---- | C] () -- C:\Windows\PrintWorkShop2008LE.ini
[2013/01/07 14:13:16 | 000,000,264 | ---- | C] () -- C:\Windows\SysWow64\BDEMERGE.INI
[2013/01/07 13:32:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/12/30 16:58:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/30 16:58:10 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/12/30 16:58:10 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/12/29 14:55:22 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/12/29 14:55:05 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/12/28 14:19:57 | 000,000,465 | ---- | C] () -- C:\Windows\lexstat.ini
[2012/12/28 14:16:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll
[2012/12/28 14:16:03 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll
[2012/12/28 14:16:03 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll
[2012/12/28 14:16:03 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll
[2012/12/28 14:16:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll
[2012/12/28 14:16:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll
[2012/12/28 14:16:03 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe
[2012/12/28 14:16:03 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll
[2012/12/28 14:16:03 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll
[2012/12/28 14:16:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll
[2012/12/28 14:16:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll
[2012/12/28 14:16:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe
[2012/12/28 14:16:03 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe
[2012/12/28 14:16:03 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll
[2012/12/28 14:16:03 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfppls.exe
[2012/12/28 14:16:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll
[2012/12/28 14:16:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll
[2012/09/18 16:45:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 08:06:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 08:06:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/01 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2013
[2013/01/01 15:02:45 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\LibreOffice
[2012/12/28 15:01:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG2013
[2012/12/29 17:58:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Coby
[2012/12/29 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Coby Media Manager
[2012/12/29 14:51:13 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FairStars Audio Converter Pro
[2014/01/05 21:43:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Free Download Manager
[2012/12/28 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\LibreOffice
[2013/05/04 10:34:35 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mjusbsp
[2012/12/28 14:44:59 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PDF Writer
[2013/01/07 14:36:20 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PhotoScape
[2013/02/02 18:45:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TeamViewer
[2012/12/28 14:54:26 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Thunderbird
[2012/12/28 14:59:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TuneUp Software
[2012/12/28 15:50:02 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\AVG2013
[2012/12/30 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Coby
[2012/12/30 14:05:10 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Coby Media Manager
[2012/12/28 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\LibreOffice
[2013/05/04 10:33:24 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\mjusbsp
[2013/01/07 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\PhotoScape
[2014/01/05 10:44:22 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\QuickScan
[2012/12/30 13:17:35 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Thunderbird

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\sign bill Sept. 2013.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\sign bill Nov 2013.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\sign bill April 2012.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\s & s.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\girls.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\cecil.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\Brad's students 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\Brad's students 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\Brad's students 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\Brad's students 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Sharon\Desktop\2012 letter to J. So.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

D: OTL Extras logfile created on: 1/6/2014 10:35:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sharon\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.73 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 66.17% Memory free
7.47 Gb Paging File | 6.23 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 694.88 Gb Total Space | 638.58 Gb Free Space | 91.90% Space Free | Partition Type: NTFS

Computer Name: MAISONVILLE | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025D3591-99C6-465A-8E3F-556A0248F582}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0E0606FC-B195-4EED-869F-939BFE74F519}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B3D4353-7CE8-4F9D-A170-1BBF03A6CE60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20053BDD-0531-4BB7-B1F0-E94E39E456FC}" = lport=138 | protocol=17 | dir=in | app=system |
"{25B74D03-51F5-454C-A5BA-35F2ACFACFD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{269AAAE5-FD02-44C3-9D09-AA193ECA80A5}" = rport=137 | protocol=17 | dir=out | app=system |
"{271F7CB9-DCA6-4042-BC82-496B748F3584}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{272AFAC8-8666-4677-8A43-FE8023232898}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{27674D72-8783-4C92-9A5C-40ABB89897B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C4B22B0-35A3-420B-B884-1F04262CC608}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2E1B6AE2-56CE-4616-A868-4583699334AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30C7483C-A4D2-4356-9FA4-98AF0737A438}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4783AB6A-26CE-466B-8836-8714AAAE83C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B661734-5CA9-41A9-B35E-543112B00D53}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5C57DDEF-99BE-4CF6-8B8B-631C1185C84D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61510DA6-B621-40AB-9345-583D0E10145B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{67F05E2E-96A9-42D1-B96B-62C0ED94F947}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BF02EAB-96BC-4CA7-882B-7278B490B36E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6FCCB314-3837-452C-B6CB-419C46783B07}" = rport=445 | protocol=6 | dir=out | app=system |
"{73E9471D-4B49-484C-92DB-11E16892CEAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BC7AEC7-2A2A-43DA-AD1F-8CBB819C686A}" = rport=138 | protocol=17 | dir=out | app=system |
"{85FB41EA-EE14-4303-A086-8236E37B7EB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87FE56C2-A3ED-4141-BB56-3EB7057BFC05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE0808BA-08CB-48BD-9B7A-4B0FD91CB8D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B61EB075-C3D8-46BB-A254-88033D2F0333}" = rport=139 | protocol=6 | dir=out | app=system |
"{BBD87258-FA27-4139-B51D-631F4FCD09CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D41124F0-CB7B-4D44-8FD3-F6AB84544BAB}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF87EC13-39F2-4CF9-BF58-EB929826F5E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{F78892A4-E326-4686-B239-D9152DCD5980}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FEE9152A-7F54-46E9-8B7A-4EAD502919F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF17F397-DC78-4F9E-934E-CD2F3013DD87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F09C5E-33A2-4B4F-9C97-20E3F35B8DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{03AD818A-7415-479E-B52C-13302EB432E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{0459D3B4-D1F4-43E2-A9A9-829EAD98B2FE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{06A1E7FD-BB04-4982-BF70-8315BFEBCE08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A4AFCF3-F397-4AEA-B71E-64D8B85EE2A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B61FE72-24CC-4BE3-8301-FE425DC0FDB3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19476267-DD7E-4219-AE1A-EB96E2165958}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{2234C9C8-B037-48C7-970E-65F8EE2BDC83}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{315C51B5-9F24-477E-9B48-933B098D8A24}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{354822FF-EB8B-45E8-9727-F5EA6D8940E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3DABF162-8593-42F8-ADCD-E9AB1F94273C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{3E742186-0C0E-4ED7-9FB5-51620BA3CDE8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{493E3E72-E5A2-47C2-A11C-F69D46401E83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C795CF1-7184-4474-B8EE-1A0E902D8E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{5C7CA089-2B55-40F0-83CC-96ADA8056E5A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60EA7421-7D9D-4CE6-9D6C-2F390072894C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{6524CFB1-76D6-495C-88C9-6FBBD21F7AA6}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{68DB5A9B-86ED-421D-97CB-DB79E2AA9EBF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BDD57FC-0664-4098-B3DB-0A6B7FCF9855}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E65A8A5-21C3-4E39-8A28-F57E7F7C341F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{825EE2D7-7292-4D30-9BD5-C743578FA2CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89279929-F29D-44FE-BB15-37643F367B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8EE7DF72-208D-4703-9D68-BF27AA78811C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{9AD36094-971C-4495-96ED-4FEC1187DEA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1EDEAD5-11FD-4184-8C1A-CC90E723EC26}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{B760CCC3-CAE4-4A65-8C09-2BF528EDE9B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BA92AB7E-700A-40D6-985F-644C5FEBDAEB}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{BB243347-7127-48B1-AEDD-2B7664193661}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD0FBF42-C4CA-402E-8C88-7C3817194CD5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{BF7E1281-0EE6-4578-BEA7-FA19ADD76351}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{C4BBD5FA-5899-435A-879C-B672D899E29D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCCD58B9-7A45-451A-95B2-74FB46FA95E5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe |
"{D2E038C8-C680-4EC0-807A-B1DDC076A559}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D76904B1-D135-4982-A76B-78CD60DE1D50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{D868F170-B9BE-40A8-B767-C2E18CA7CAD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA2632EC-7602-4356-98E9-7E2DA4D45FDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB487FB5-739F-4A39-B409-B01C2E4EBF10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{DC9200D8-4261-4E50-B74A-115EF2D40D19}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe |
"{EA54EA9A-7729-448F-A232-4D1689A8AC5C}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{EFB55367-26DF-4AEC-874A-95FF41FB27CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{F30F8613-ADCF-4873-AB33-B2A9940E07AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F49215C2-3669-45CD-879F-BEF124A34117}" = protocol=6 | dir=out | app=system |
"{F930720C-DAF0-46DE-8ED0-F25391A0602A}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{FC558243-80B9-40B7-9D21-332636656213}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FE03D94F-5410-494B-9366-9611A438DEA3}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"TCP Query User{5082B2D2-BB49-45B4-9E96-F9A024694CBB}C:\users\jim\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\jim\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{82D6EF92-0037-4855-854E-0082FFD9402A}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"TCP Query User{A60E91C4-E047-4475-A20C-50495B6EFEAA}C:\users\sharon\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\sharon\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{C167AA8A-6892-440A-809C-377C0EE0BBA6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{495279F9-8B49-4672-BA50-2BC2C5523845}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{83EF7B59-4120-4DA9-9B64-2809075F15D6}C:\users\jim\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\jim\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{8FAB392F-FA73-4DFB-ADDC-998808829856}C:\users\sharon\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\sharon\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{CF842656-2FEC-492C-B90C-C74ABE8FADA7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
"{4E2C5655-556D-479A-A85B-CD93325E5594}" = AVG 2013
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB3AFCA5-A2BB-4F31-8FEC-0295DB7BF928}" = AVG 2013
"609473F0461D802FF258F1BE5B2148375852A8BC" = Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (07/03/2012 8.970.100.3000)
"AVG" = AVG 2013
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"GIMP-2_is1" = GIMP 2.8.10
"Lexmark X6100 Series" = Lexmark X6100 Series

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.6.1
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92
"{51020C27-7422-3FBE-9480-4CB1CCC8E2CC}" = Google Chrome
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{60B2F25C-22CB-4CD9-9168-8C63708DC1A1}" = LibreOffice 3.6
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BC3BE1DB-7DD0-4064-97AE-F57BE15FB491}" = Print Workshop 2008 LE
"{D95C1542-CB89-4F38-870D-A672BA5E7D54}" = Coby Media Manager
"{EF55229E-3FFE-4DCC-91B0-FFF1A63A508F}" = The Kakuro Code
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo Creations" = HP Photo Creations
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Mozilla Thunderbird 24.1.0 (x86 en-US)" = Mozilla Thunderbird 24.1.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC Pitstop Download Nitro_is1" = PC Pitstop Download Nitro 1.5.0.0
"PhotoScape" = PhotoScape

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2013 12:47:51 AM | Computer Name = Maisonville | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Spybot - Search & Destroy tray access because of this error.

Program:
Spybot - Search & Destroy tray access File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Additional
Data Error value: 00000000 Disk type: 0

Error - 12/10/2013 11:50:27 AM | Computer Name = Maisonville | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2013 1:26:39 PM | Computer Name = Maisonville | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2013 4:21:17 AM | Computer Name = Maisonville | Source = WinMgmt | ID = 10
Description =

Error - 12/21/2013 5:06:47 PM | Computer Name = Maisonville | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 12:52:38 PM | Computer Name = Maisonville | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2013 12:07:35 PM | Computer Name = Maisonville | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2013 2:48:40 PM | Computer Name = Maisonville | Source = VSS | ID = 13
Description =

Error - 12/30/2013 2:48:40 PM | Computer Name = Maisonville | Source = VSS | ID = 8193
Description =

Error - 1/2/2014 6:13:43 PM | Computer Name = Maisonville | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/4/2013 11:20:37 PM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/4/2013 11:56:36 PM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 12:43:47 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 12:55:48 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 1:31:52 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 2:07:52 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 2:31:55 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 2:47:41 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 3:01:22 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 3:04:17 AM | Computer Name = Maisonville | Source = bowser | ID = 8003
Description =


< End of report >

E: Still had a pop-up (but it said "Unable to load page") on system reboot, but that was before the final OTL scan.
antijkc
Active Member
 
Posts: 9
Joined: January 6th, 2014, 12:46 am

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 6th, 2014, 3:02 pm

Hello antijkc,

Good job! :D
No problems whatsoever, though I am curious if I no longer need Spybot and SUPERAntiSpyware and perhaps what protection I can offer my elderly and not very computer savvy parents?
You know, but much - does not mean good! Running - more than one - antivirus program is not recommended because:
  1. They can conflict with each other.
  2. Report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
  4. Can cause your computer to run slowly, become unstable and crash.

The same words may be said about SP (Spyware Protection) programs! The computer of your parents contained even three of them plus SUPERAntiSpyware:
SP: Windows Defender
SP: Spybot - Search and Destroy
SP: AVG AntiVirus Free Edition 2013

If you asked me, the combination of AVG AntiVirus Free Edition 2013 (AV + SP) with Windows Defender is more than enough. We will continue to talk about protection later...
Still had a pop-up (but it said "Unable to load page") on system reboot, but that was before the final OTL scan.
We are not finished yet. Now, let continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... BF6B318&q= {searchTerms}&SSPV=
    O4 - HKLM..\Run: [] File not found
    
    :Files
    @C:\Users\Sharon\Desktop\sign bill Sept. 2013.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\sign bill Nov 2013.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\sign bill April 2012.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\s & s.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\girls.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\cecil.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\Brad's students 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\Brad's students 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\Brad's students 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\Brad's students 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\Users\Sharon\Desktop\2012 letter to J. So.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @C:\ProgramData\TEMP:373E1720
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 3.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 4.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *Coupons*
    *datamngr*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Rapport*
    *searchab*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *Websteroids*
    *WiseConvert*
    *whitesmoke*
    *FriendsChecker*
    *UnfriendApp*
    *ExFriendAlert*
    *RecordChecker*
    *SearchDonkey*
    *InfoSeeker*
    *SecureWeb*
    *TVGenie*
    *TubeDimmer*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *Coupons*
    *datamngr*
    *Rapport*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *searchab*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *Websteroids*
    *WiseConvert*
    *whitesmoke*
    *FriendsChecker*
    *UnfriendApp*
    *ExFriendAlert*
    *RecordChecker*
    *SearchDonkey*
    *InfoSeeker*
    *SecureWeb*
    *TVGenie*
    *TubeDimmer*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    Coupons
    datamngr
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Rapport
    searchab
    Searchqu
    Searchnu
    Slick
    smartbar
    Sweetpack
    Tarma
    Trusteer
    trolltech
    Vafmusic2
    vshare
    Websteroids
    WiseConvert
    whitesmoke
    FriendsChecker
    UnfriendApp
    ExFriendAlert
    RecordChecker
    SearchDonkey
    InfoSeeker
    SecureWeb
    TVGenie
    TubeDimmer
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 5.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please do not hesitate to divide the post into multiple if it is too long...

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the JRT.txt log file
  4. Contents of the AdwCleaner[Sn].txt log file
  5. Contents of the SystemLook.txt log file
  6. Contents of the most recent OTL.txt file after fresh OTL scan

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Respawning, Multiple Infection

Unread postby antijkc » January 6th, 2014, 5:18 pm

Thanks pgmigg,

Here's the next update:

A: No problems!

B: All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3310497078-3473027591-919061896-1003\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
ADS C:\Users\Sharon\Desktop\sign bill Sept. 2013.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\sign bill Nov 2013.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\sign bill April 2012.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\s & s.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\girls.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\cecil.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\Brad's students 4.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\Brad's students 3.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\Brad's students 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\Brad's students 1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Sharon\Desktop\2012 letter to J. So.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sharon\Desktop\cmd.bat deleted successfully.
C:\Users\Sharon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sharon
->Temp folder emptied: 2812 bytes
->Temporary Internet Files folder emptied: 41268 bytes
->FireFox cache emptied: 14863659 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40736 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: Public

User: Sharon
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: Jim
->Java cache emptied: 0 bytes

User: Public

User: Sharon

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062014_144901

Files\Folders moved on Reboot...
C:\Users\Sharon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Sharon on 06/01/2014 at 15:00:51.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_easy-cd-da-extractor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_easy-cd-da-extractor_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_easy-cd-da-extractor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_easy-cd-da-extractor_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\Program Files (x86)\freerip"



~~~ FireFox

Successfully deleted the following from C:\Users\Sharon\AppData\Roaming\mozilla\firefox\profiles\1cohlypi.default\prefs.js

user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP0CC3BC93-D717-430A-8157-F01BABF6B3
Emptied folder: C:\Users\Sharon\AppData\Roaming\mozilla\firefox\profiles\1cohlypi.default\minidumps [240 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/01/2014 at 15:06:40.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

D: # AdwCleaner v3.016 - Report created 06/01/2014 at 15:33:59
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Sharon - MAISONVILLE
# Running from : C:\Users\Sharon\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jim\AppData\LocalLow\FreeRIP
Folder Deleted : C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
File Deleted : C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\8gj6y9qd.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\8gj6y9qd.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\8gj6y9qd.default\prefs.js ]


[ File : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1cohlypi.default\prefs.js ]


-\\ Google Chrome v31.0.1650.59

[ File : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2177 octets] - [06/01/2014 15:17:48]
AdwCleaner[S0].txt - [2126 octets] - [06/01/2014 15:33:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2186 octets] ##########

E: SystemLook 30.07.11 by jpshortstuff
Log created at 15:38 on 06/01/2014 by Sharon
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage --a---- 3072 bytes [16:44 11/01/2013] [16:44 11/01/2013] F4256E8DBEFBEB15EDE8C8F34AFF418B
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal --a---- 3608 bytes [16:44 11/01/2013] [16:44 11/01/2013] F3953881FBED20F9E54132C7CD133071

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
No files found.

Searching for "*Coupons*"
C:\Users\Sharon\Documents\Music Night Coupons.doc --a---- 42496 bytes [17:47 29/12/2012] [17:03 23/06/2013] B0C72132007220CE438F12A13A1DDC82
C:\Users\Sharon\Documents\Music Night Coupons2.doc --a---- 40960 bytes [17:47 29/12/2012] [18:56 20/10/2012] BCC4ABBF303F397DAB875DEDF54E0C31

Searching for "*datamngr*"
C:\Users\Sharon\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [20:00 06/01/2014] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Rapport*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"
C:\Users\Jim\Documents\Brads GTR Tabs\country_Acoustic_Blues_folk\Down in Mississippi _ Sweet Home Chicago.doc --a---- 25600 bytes [08:55 03/01/2013] [09:53 12/09/2012] 116FF7658F44A71129FBA86C3A5FAFB9
C:\Users\Jim\Documents\Brads GTR Tabs\country_Acoustic_Blues_folk\Lynyrd Skynyrd - Sweet Home Alabama.doc --a---- 31744 bytes [08:55 03/01/2013] [10:24 02/09/2009] 4A747CA6C5F6D522D7FA468D1DBC5364
C:\Users\Jim\Documents\Brads GTR Tabs\Joy Of Music\cpu II\Guitar Tab\sweetchild\sweetchild1.psd --a---- 319498 bytes [08:56 03/01/2013] [17:17 09/12/2004] 4199222238FBD33932D3F013C9E48C48
C:\Users\Jim\Documents\Brads GTR Tabs\Joy Of Music\cpu II\Guitar Tab\sweetchild\sweetchild2.psd --a---- 331485 bytes [08:56 03/01/2013] [20:18 08/12/2004] CB2FEB1F9B448E0B353C3A1043EE3CFF
C:\Users\Jim\Documents\Brads GTR Tabs\Joy Of Music\cpu II\Guitar Tab\sweetchild\sweetchild3.psd --a---- 460731 bytes [08:56 03/01/2013] [20:20 08/12/2004] F5540A1B4CF407C8FD79DE1F8672C179
C:\Users\Jim\Documents\Brads GTR Tabs\Joy Of Music\cpu II\Guitar Tab\sweetchild\sweetchild4.psd --a---- 351582 bytes [08:56 03/01/2013] [20:23 08/12/2004] 3F38AA3711A0CD2FE1016CE6ECE1C25F
C:\Users\Jim\Documents\Brads GTR Tabs\Rock\neil Diamond - sweet caroline.doc --a---- 24064 bytes [08:55 03/01/2013] [20:02 29/06/2011] E4ED4D6BDE199B30EB6BC55006C1A5EA
C:\Users\Jim\Documents\Brads GTR Tabs\Rock\Verve - bittersweet symphony.doc --a---- 27648 bytes [08:55 03/01/2013] [13:03 28/09/2009] 448B24D12A7D1CAACEA60C00E969840B
C:\Users\Jim\Documents\Brads GTR Tabs\Rock Artists\Aerosmith\Aerosmith - sweet emotion.doc --a---- 24576 bytes [08:55 03/01/2013] [23:20 27/03/2009] E62CCB593D1125EBF1068DA7AFA22F34
C:\Users\Jim\Documents\Brads GTR Tabs\Rock Artists\Guns N Roses\GNR - sweet child bass.doc --a---- 46592 bytes [08:55 03/01/2013] [21:36 03/05/2007] F7A87F9ABBD75CCA8CC3CE0251E70822
C:\Users\Jim\Documents\Brads GTR Tabs\Rock Artists\Guns N Roses\GNR - sweet child solo.doc --a---- 27136 bytes [08:55 03/01/2013] [13:07 11/11/2010] 07E740E92DE09C8FC2A76D5F4572EEA2
C:\Users\Jim\Documents\Brads GTR Tabs\Rock Artists\Guns N Roses\GNR -sweet child O mine.doc --a---- 28672 bytes [08:55 03/01/2013] [10:52 22/11/2010] 59A6B05C94C35624F226EE403E4A74C6
C:\Users\Jim\Documents\Brads GTR Tabs\Rock Artists\Lynyrd Skynyrd\Lynyrd Skynyrd - Sweet Home Alabama.doc --a---- 27648 bytes [08:55 03/01/2013] [09:52 27/09/2011] FC4AEE4546C06F6B9DFEAAFF3115912D
C:\Users\Jim\Documents\Brads GTR Tabs\unfinished\unfinished\Sweet Child O Mine.doc --a---- 22528 bytes [08:55 03/01/2013] [23:01 02/11/2010] F43D09D9E0E67F9D6E413EF257442BC0
C:\Users\Jim\Music\Stevie Ray Vaughan\Stevie Ray Vaughan, Buddy Guy, Robert Cray, Eric Clapton, Jimmy Vaughn - Sweet Home Chicago (8 - 26 - 90).mp3 --a---- 11208704 bytes [19:57 07/01/2013] [13:34 03/02/2008] ACDB7B6444BDEABEFF1AB95AED55E915
C:\Users\Jim\Music\to be sorted\15-Sweet Little Sixteen.mp3 --a---- 3316416 bytes [19:58 07/01/2013] [09:00 25/12/2012] EC7C9D0A23244925C1B42EDE4567ADA9
C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\Sweet Potato and Zucchini Bread Recipe at Epicurious.com.lnk --a---- 810 bytes [01:31 08/03/2013] [01:37 08/03/2013] 07D4937FE5E7E221EFB2E300A8EA6EED
C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\Sweet Potato and Zucchini Bread Recipe at Epicurious.com_files.lnk --a---- 772 bytes [18:57 06/10/2013] [18:57 06/10/2013] 01279269B30A9713D70D66162EBD7129
C:\Users\Sharon\Desktop\Sweet Potato and Zucchini Bread Recipe at Epicurious.com.htm --a---- 26904 bytes [01:31 08/03/2013] [01:31 08/03/2013] 191F044044542C791019B16BCBAD76EA
C:\Users\Sharon\Desktop\Sweet Potato and Zucchini Bread Recipe at Epicurious.com_files\newad_data\YamSweet-Potato-and-Zucchini-Bread-2674ThanksgivingVegetableW.js --a---- 110 bytes [01:31 08/03/2013] [01:31 08/03/2013] 00B134BD7F669924CC4DB6CDDD661CE4
C:\Users\Sharon\Desktop\Sweet Potato and Zucchini Bread Recipe at Epicurious.com_files\newad_data_002\YamSweet-Potato-and-Zucchini-Bread-2674ThanksgivingVegetableW.js --a---- 83 bytes [01:31 08/03/2013] [01:31 08/03/2013] 1D0E79409CDF220A5E714BA5A24C4499
C:\Users\Sharon\Desktop\Sweet Potato and Zucchini Bread Recipe at Epicurious.com_files\newad_data_003\YamSweet-Potato-and-Zucchini-Bread-2674ThanksgivingVegetableW.js --a---- 718 bytes [01:31 08/03/2013] [01:31 08/03/2013] 271F93D17C8139243F7CD4B0D8B8AF98
C:\Users\Sharon\Documents\50+ Friends Club Cookbook -- Crock Pot Cooking -- Cantonese Sweet and Sour Chicken.mht --a---- 3082 bytes [17:40 29/12/2012] [02:56 14/12/2008] E239D430F5353924A0DBBEB45CAD4194
C:\Users\Sharon\Documents\50+ Friends Club Cookbook -- Crock Pot Cooking -- Sweet 'n' Sour Ribs.mht --a---- 2790 bytes [17:40 29/12/2012] [02:54 14/12/2008] CFF76FF92024ED04C7A79DF16A0A255F
C:\Users\Sharon\Documents\Recipes\Sweet Polenta Pie.bmp --a---- 1013504 bytes [18:00 29/12/2012] [23:38 06/05/2003] 9A5470B1BD20874A50EBE872B0EA757E
C:\Users\Sharon\Music\MP3s\01 bittersweet.mp3 --a---- 5281194 bytes [22:54 29/12/2012] [22:57 26/06/2013] E4D628ABFDB62B5007379E049CF32CFD

Searching for "*Tarma*"
No files found.

Searching for "*Trusteer*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*Websteroids*"
C:\_OTL\MovedFiles\01062014_102926\C_ProgramData\Websteroids\Websteroids.ico --a---- 115421 bytes [19:02 04/01/2014] [19:02 04/01/2014] 49D53F47449D5250AB3DDFE6E5D2AAE7

Searching for "*WiseConvert*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*FriendsChecker*"
No files found.

Searching for "*UnfriendApp*"
No files found.

Searching for "*ExFriendAlert*"
No files found.

Searching for "*RecordChecker*"
No files found.

Searching for "*SearchDonkey*"
No files found.

Searching for "*InfoSeeker*"
No files found.

Searching for "*SecureWeb*"
No files found.

Searching for "*TVGenie*"
No files found.

Searching for "*TubeDimmer*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Coupons*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*Rapport*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Sweet*"
C:\Users\Jim\Documents\Brads GTR Tabs\Joy Of Music\cpu II\Guitar Tab\sweetchild d------ [08:56 03/01/2013]
C:\Users\Sharon\Desktop\Sweet Potato and Zucchini Bread Recipe at Epicurious.com_files d------ [01:31 08/03/2013]

Searching for "*Tarma*"
No folders found.

Searching for "*Trusteer*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*Websteroids*"
C:\_OTL\MovedFiles\01062014_102926\C_ProgramData\Websteroids d------ [19:02 04/01/2014]

Searching for "*WiseConvert*"
C:\_OTL\MovedFiles\01062014_102926\C_Program Files (x86)\WiseConvert d------ [16:54 04/01/2014]

Searching for "*whitesmoke*"
No folders found.

Searching for "*FriendsChecker*"
No folders found.

Searching for "*UnfriendApp*"
No folders found.

Searching for "*ExFriendAlert*"
No folders found.

Searching for "*RecordChecker*"
No folders found.

Searching for "*SearchDonkey*"
No folders found.

Searching for "*InfoSeeker*"
No folders found.

Searching for "*SecureWeb*"
No folders found.

Searching for "*TVGenie*"
No folders found.

Searching for "*TubeDimmer*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
No data found.

Searching for "Coupons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6C4B1056F938C454AAAA2B22961182E]
"15FB8624FDFD8714B8D8D57525CFAA85"="02:\SOFTWARE\Hewlett-Packard\Coupons\band"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\Coupons]

Searching for "datamngr"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Rapport"
No data found.

Searching for "searchab"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Slick"
No data found.

Searching for "smartbar"
No data found.

Searching for "Sweetpack"
No data found.

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mml\OpenWithProgIDs]
"soffice.StarMathDocument.6"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm\OpenWithProgIDs]
"soffice.StarMathDocument.6"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument\CurVer]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The Document Foundation\LibreOffice\3.6\Capabilities\FileAssociations]
".mml"="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The Document Foundation\LibreOffice\3.6\Capabilities\FileAssociations]
".sxm"="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
@="soffice.StarMathDocument.6"

Searching for "Trusteer"
No data found.

Searching for "trolltech"
No data found.

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "Websteroids"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
"ad"="websteroidsapp.com"

Searching for "WiseConvert"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "FriendsChecker"
No data found.

Searching for "UnfriendApp"
No data found.

Searching for "ExFriendAlert"
No data found.

Searching for "RecordChecker"
No data found.

Searching for "SearchDonkey"
No data found.

Searching for "InfoSeeker"
No data found.

Searching for "SecureWeb"
No data found.

Searching for "TVGenie"
No data found.

Searching for "TubeDimmer"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-

F: OTL logfile created on: 1/6/2014 3:59:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sharon\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.73 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 81.83% Memory free
7.47 Gb Paging File | 6.44 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 694.88 Gb Total Space | 638.43 Gb Free Space | 91.88% Space Free | Partition Type: NTFS

Computer Name: MAISONVILLE | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/06 10:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
PRC - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/02/19 03:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/08 19:05:25 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 15:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007/04/24 19:24:34 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbfcoms.exe -- (lxbf_device)
SRV - [2013/12/21 14:00:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 19:03:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbfcoms.exe -- (lxbf_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/08 19:05:25 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/09/08 19:05:25 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/08 19:05:25 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/20 15:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 52 C7 2A 81 6C CE 01 [binary data]
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\..\SearchScopes\{C0274B70-BAFB-4AF9-876E-C6227A8079E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/06 10:22:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/06 10:22:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/06 10:22:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/06 10:22:33 | 000,000,000 | ---D | M]

[2012/12/28 16:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions
[2014/01/05 23:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1cohlypi.default\extensions
[2014/01/05 23:39:53 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1cohlypi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/12/21 13:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/21 14:00:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bdruninstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Total Defense PC Tuneup Reminder] C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe (PC Pitstop LLC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3310497078-3473027591-919061896-1003..\Run: [cdloader] C:\Users\Sharon\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 3.6.lnk = C:\Program Files (x86)\LibreOffice 3.6\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3310497078-3473027591-919061896-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2AA287-FDD7-4D69-AF62-80D5F4710BA7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36665ea6-70ff-11e3-9103-0024218592bd}\Shell - "" = AutoRun
O33 - MountPoints2\{36665ea6-70ff-11e3-9103-0024218592bd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/06 15:17:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 15:00:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 15:00:20 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Sharon\Desktop\JRT.exe
[2014/01/06 10:29:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/06 10:26:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2014/01/05 23:51:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Sharon\Desktop\dds.com
[2014/01/05 13:15:04 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Malwarebytes
[2014/01/05 10:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/05 10:45:46 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\MFAData
[2014/01/05 10:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014/01/05 10:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/01/05 10:44:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\QuickScan
[2014/01/04 16:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/04 16:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/04 16:22:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/04 16:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/04 13:15:16 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2013/12/29 21:46:44 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/29 21:44:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/12/29 21:36:33 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\fontconfig
[2013/12/29 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\gegl-0.2
[2013/12/29 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\Sharon\.gimp-2.8
[2013/12/29 21:34:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Programs
[2013/12/21 13:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/12 03:02:45 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 03:02:44 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 03:02:44 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 03:02:42 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 03:01:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 03:01:23 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:01:23 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:01:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 03:01:23 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:01:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 03:01:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 03:01:22 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 03:01:22 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 03:01:22 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 03:01:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 03:01:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 03:01:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 03:01:20 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:01:19 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:01:17 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 04:42:55 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 04:42:55 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 04:42:54 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 04:42:54 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 04:42:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 04:42:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 04:42:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 04:42:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 04:42:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 04:42:48 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 04:42:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 04:42:48 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 04:42:48 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/10 19:03:00 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 19:03:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 09:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2014/01/06 15:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/06 15:42:53 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 15:42:53 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 15:42:36 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 15:42:36 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 15:42:36 | 000,126,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 15:37:12 | 000,165,376 | ---- | M] () -- C:\Users\Sharon\Desktop\SystemLook_x64.exe
[2014/01/06 15:35:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 15:35:34 | 3006,787,584 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/06 15:17:08 | 001,233,962 | ---- | M] () -- C:\Users\Sharon\Desktop\adwcleaner.exe
[2014/01/06 14:58:19 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Sharon\Desktop\JRT.exe
[2014/01/06 10:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2014/01/05 23:51:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\dds.com
[2014/01/04 16:22:34 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/02 11:58:13 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2013/12/29 21:48:22 | 000,762,832 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/29 21:39:51 | 052,710,169 | ---- | M] () -- C:\Users\Sharon\Desktop\vinylcafe_20131228_20570.mp3
[2013/12/20 14:16:06 | 000,139,956 | ---- | M] () -- C:\Users\Sharon\Desktop\girls.jpeg
[2013/12/20 14:06:35 | 000,144,192 | ---- | M] () -- C:\Users\Sharon\Desktop\cecil.jpeg
[2013/12/19 22:24:35 | 000,128,280 | ---- | M] () -- C:\Users\Sharon\Desktop\s & s.jpeg
[2013/12/15 21:17:15 | 000,038,805 | R--- | M] () -- C:\Users\Sharon\Desktop\ATT00054-1.jpg
[2013/12/12 03:19:52 | 000,707,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 19:03:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 19:03:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 19:02:34 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/10 12:39:45 | 000,435,543 | ---- | M] () -- C:\Users\Sharon\Documents\Gift Certificate Nov11.wpd
[2013/12/10 10:45:02 | 000,009,663 | ---- | M] () -- C:\Users\Sharon\Documents\certificate records.wpd
[2013/12/10 00:59:25 | 000,002,780 | ---- | M] () -- C:\Users\Sharon\Documents\sign2 for gift certs.wpd

========== Files Created - No Company Name ==========

[2014/01/06 15:37:35 | 000,165,376 | ---- | C] () -- C:\Users\Sharon\Desktop\SystemLook_x64.exe
[2014/01/06 15:17:29 | 001,233,962 | ---- | C] () -- C:\Users\Sharon\Desktop\adwcleaner.exe
[2014/01/04 16:22:34 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 21:48:22 | 000,762,832 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/29 21:39:14 | 052,710,169 | ---- | C] () -- C:\Users\Sharon\Desktop\vinylcafe_20131228_20570.mp3
[2013/12/20 14:16:25 | 000,139,956 | ---- | C] () -- C:\Users\Sharon\Desktop\girls.jpeg
[2013/12/20 14:06:58 | 000,144,192 | ---- | C] () -- C:\Users\Sharon\Desktop\cecil.jpeg
[2013/12/19 22:25:15 | 000,128,280 | ---- | C] () -- C:\Users\Sharon\Desktop\s & s.jpeg
[2013/12/15 21:17:17 | 000,038,805 | R--- | C] () -- C:\Users\Sharon\Desktop\ATT00054-1.jpg
[2013/12/10 19:03:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/07 22:01:00 | 000,061,678 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\PFP110JPR.{PB
[2013/02/07 22:01:00 | 000,012,358 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\PFP110JCM.{PB
[2013/01/14 22:30:23 | 000,028,341 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Tab Separated Values (Windows).ADR
[2013/01/13 11:46:18 | 000,028,516 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/01/11 15:14:01 | 000,000,071 | ---- | C] () -- C:\Windows\PrintWorkShop2008LE.ini
[2013/01/07 14:13:16 | 000,000,264 | ---- | C] () -- C:\Windows\SysWow64\BDEMERGE.INI
[2013/01/07 13:32:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/12/30 16:58:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/30 16:58:10 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/12/30 16:58:10 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/12/29 14:55:22 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/12/29 14:55:05 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/12/28 14:19:57 | 000,000,465 | ---- | C] () -- C:\Windows\lexstat.ini
[2012/12/28 14:16:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll
[2012/12/28 14:16:03 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll
[2012/12/28 14:16:03 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll
[2012/12/28 14:16:03 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll
[2012/12/28 14:16:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll
[2012/12/28 14:16:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll
[2012/12/28 14:16:03 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe
[2012/12/28 14:16:03 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll
[2012/12/28 14:16:03 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll
[2012/12/28 14:16:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll
[2012/12/28 14:16:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll
[2012/12/28 14:16:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe
[2012/12/28 14:16:03 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe
[2012/12/28 14:16:03 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll
[2012/12/28 14:16:03 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfppls.exe
[2012/12/28 14:16:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll
[2012/12/28 14:16:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll
[2012/09/18 16:45:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
antijkc
Active Member
 
Posts: 9
Joined: January 6th, 2014, 12:46 am

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 7th, 2014, 12:53 am

Hello antijkc,

Very good results! :D Let continue...

Step 1.
Remove Program
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click this Entry, if it exists, choose Uninstall, and give permission to Continue:
    FreeRIP 3.92
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program have been uninstalled, please close Control Panel.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
    "ad"=-
    
    :Files
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal
    C:\SUPERDelete
    C:\Windows\ativpsrm.bin
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
Malwarebytes' Anti-Malware Rerun
As I saw you already have latest version of MBAM.
  1. Please start MBAM (Malwarebytes' Anti-Malware).
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab. Then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Respawning, Multiple Infection

Unread postby antijkc » January 7th, 2014, 1:56 am

A: No problems!

B: All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{501451DE-5808-4599-B544-8BD0915B6B24}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{501451DE-5808-4599-B544-8BD0915B6B24}_is1\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C} not found.
========== FILES ==========
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage moved successfully.
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal moved successfully.
C:\SUPERDelete folder moved successfully.
C:\Windows\ativpsrm.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sharon
->Temp folder emptied: 17500902 bytes
->Temporary Internet Files folder emptied: 22914 bytes
->FireFox cache emptied: 34476167 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 287614 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01072014_000649

Files\Folders moved on Reboot...
C:\Users\Sharon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C: Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sharon :: MAISONVILLE [administrator]

07/01/2014 12:11:27 AM
mbam-log-2014-01-07 (00-11-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380304
Time elapsed: 40 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

D: Last reboot still had pop-up that page wouldn't load, but I haven't rebooted since before this set of instructions.
antijkc
Active Member
 
Posts: 9
Joined: January 6th, 2014, 12:46 am

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 7th, 2014, 6:17 pm

Hello antijkc,

D: Last reboot still had pop-up that page wouldn't load, but I haven't rebooted since before this set of instructions
Please tell me in which browsers you have such pop-ups?
Did you mean rebooting computer or opening/closing browsers?

BTW, I need to ask you to run couple more scans...

Step 1.
TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 2.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answers for my questions.
  3. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  4. Contents of the ESETScan.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Respawning, Multiple Infection

Unread postby antijkc » January 7th, 2014, 8:32 pm

A: No problems

B: Not a browser, just a window that doesn't identify itself unless I right click on the launch bar icon where the application is called PC Tune-Up, but I had uninstalled that as it seemed to be causing problems.

C: 17:38:41.0501 0x0158 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
17:38:53.0045 0x0158 ============================================================
17:38:53.0045 0x0158 Current date / time: 2014/01/07 17:38:53.0045
17:38:53.0045 0x0158 SystemInfo:
17:38:53.0045 0x0158
17:38:53.0045 0x0158 OS Version: 6.1.7601 ServicePack: 1.0
17:38:53.0045 0x0158 Product type: Workstation
17:38:53.0045 0x0158 ComputerName: MAISONVILLE
17:38:53.0045 0x0158 UserName: Sharon
17:38:53.0045 0x0158 Windows directory: C:\Windows
17:38:53.0045 0x0158 System windows directory: C:\Windows
17:38:53.0045 0x0158 Running under WOW64
17:38:53.0045 0x0158 Processor architecture: Intel x64
17:38:53.0045 0x0158 Number of processors: 2
17:38:53.0045 0x0158 Page size: 0x1000
17:38:53.0045 0x0158 Boot type: Normal boot
17:38:53.0045 0x0158 ============================================================
17:38:54.0371 0x0158 KLMD registered as C:\Windows\system32\drivers\79164984.sys
17:38:54.0465 0x0158 System UUID: {D1BECEFF-7B21-22B9-FF99-FFDE309F039A}
17:38:54.0964 0x0158 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:54.0980 0x0158 ============================================================
17:38:54.0980 0x0158 \Device\Harddisk0\DR0:
17:38:54.0980 0x0158 MBR partitions:
17:38:54.0980 0x0158 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x781000, BlocksNum 0x56DC4800
17:38:54.0980 0x0158 ============================================================
17:38:54.0995 0x0158 C: <-> \Device\Harddisk0\DR0\Partition1
17:38:54.0995 0x0158 ============================================================
17:38:54.0995 0x0158 Initialize success
17:38:54.0995 0x0158 ============================================================
17:39:15.0416 0x084c ============================================================
17:39:15.0416 0x084c Scan started
17:39:15.0416 0x084c Mode: Manual;
17:39:15.0416 0x084c ============================================================
17:39:15.0416 0x084c KSN ping started
17:39:18.0349 0x084c KSN ping finished: true
17:39:18.0848 0x084c ================ Scan system memory ========================
17:39:18.0848 0x084c System memory - ok
17:39:18.0848 0x084c ================ Scan services =============================
17:39:19.0004 0x084c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:39:19.0004 0x084c 1394ohci - ok
17:39:19.0035 0x084c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:39:19.0051 0x084c ACPI - ok
17:39:19.0066 0x084c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:39:19.0066 0x084c AcpiPmi - ok
17:39:19.0097 0x084c [ 560649E6A9C11F6124F97310EF387C45, 6F6E0467BBBBA2D67E050C5730D66032A6265049A1B77C27C470D1F928F16166 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
17:39:19.0113 0x084c ADIHdAudAddService - ok
17:39:19.0175 0x084c [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:39:19.0191 0x084c AdobeARMservice - ok
17:39:19.0269 0x084c [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:39:19.0285 0x084c AdobeFlashPlayerUpdateSvc - ok
17:39:19.0316 0x084c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:39:19.0316 0x084c adp94xx - ok
17:39:19.0347 0x084c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:39:19.0363 0x084c adpahci - ok
17:39:19.0378 0x084c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:39:19.0378 0x084c adpu320 - ok
17:39:19.0409 0x084c [ 3BDB13C79CC8C06E2F8182595903ED69, 9E00D6649E862DE6812718B091C350E05A2C5C4D28DE8E05E3DD1F789A04EE96 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
17:39:19.0425 0x084c AEADIFilters - ok
17:39:19.0425 0x084c [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:39:19.0441 0x084c AeLookupSvc - ok
17:39:19.0472 0x084c [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
17:39:19.0487 0x084c AFD - ok
17:39:19.0503 0x084c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
17:39:19.0503 0x084c agp440 - ok
17:39:19.0534 0x084c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
17:39:19.0534 0x084c ALG - ok
17:39:19.0565 0x084c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
17:39:19.0565 0x084c aliide - ok
17:39:19.0597 0x084c [ E20DDDFBD0DBE7D8EAD4D7A51D654367, 62164C58655318E7453C6136BE845091D6244A69BD762F1D588605670BA66B12 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:39:19.0597 0x084c AMD External Events Utility - ok
17:39:19.0612 0x084c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
17:39:19.0612 0x084c amdide - ok
17:39:19.0628 0x084c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:39:19.0643 0x084c AmdK8 - ok
17:39:20.0002 0x084c [ 4284FB1240537A33E6EC417EFD87D40F, DAD37EBDCD57C8559FD9395AED7FA85BCA1EDB0337CD2A4F7613E869D859B3F2 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:39:20.0314 0x084c amdkmdag - ok
17:39:20.0377 0x084c [ 6C25C497E05EFD0CB6033A0444FC9B51, 318318F06545869D5E17C6CC9E48109790C2F3A5E65779CB1569A10610136B34 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:39:20.0392 0x084c amdkmdap - ok
17:39:20.0392 0x084c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:39:20.0392 0x084c AmdPPM - ok
17:39:20.0423 0x084c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:39:20.0423 0x084c amdsata - ok
17:39:20.0455 0x084c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:39:20.0455 0x084c amdsbs - ok
17:39:20.0470 0x084c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:39:20.0470 0x084c amdxata - ok
17:39:20.0486 0x084c [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
17:39:20.0486 0x084c AppID - ok
17:39:20.0501 0x084c [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:39:20.0517 0x084c AppIDSvc - ok
17:39:20.0548 0x084c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
17:39:20.0548 0x084c Appinfo - ok
17:39:20.0595 0x084c [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
17:39:20.0595 0x084c AppMgmt - ok
17:39:20.0611 0x084c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
17:39:20.0611 0x084c arc - ok
17:39:20.0642 0x084c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:39:20.0642 0x084c arcsas - ok
17:39:20.0751 0x084c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:39:20.0751 0x084c aspnet_state - ok
17:39:20.0782 0x084c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:39:20.0782 0x084c AsyncMac - ok
17:39:20.0813 0x084c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
17:39:20.0813 0x084c atapi - ok
17:39:21.0157 0x084c [ 4284FB1240537A33E6EC417EFD87D40F, DAD37EBDCD57C8559FD9395AED7FA85BCA1EDB0337CD2A4F7613E869D859B3F2 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:39:21.0406 0x084c atikmdag - ok
17:39:21.0484 0x084c [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:39:21.0500 0x084c AudioEndpointBuilder - ok
17:39:21.0531 0x084c [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:39:21.0547 0x084c AudioSrv - ok
17:39:21.0781 0x084c [ 4DB93F4DB7077801D2D82013506AC1D0, 3D71655D1557021D5D828E37EAFDBA35C631061E48D64B9D376746F8FCC760B3 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
17:39:21.0905 0x084c AVGIDSAgent - ok
17:39:21.0952 0x084c [ 92B7689FBC131E143421A19C18320E34, D3A323015790355070A380731CA56547F518F8AF800BC71670481A646C8FEEB3 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:39:21.0952 0x084c AVGIDSDriver - ok
17:39:21.0983 0x084c [ C8D9EEACF266512C1FA52E2ECF5AD944, 01972886F4324C55BE4450F2E18F263FBF0BE7525A9390714216E6C7A1827B1D ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
17:39:21.0983 0x084c AVGIDSHA - ok
17:39:21.0999 0x084c [ FACD18A89FDEBC35C85CAF762B294BE2, FD6EBE87ACA6CC017AB7ED886B2BC13CA05BDA38E4B7E8A63F33EF7E5C755BB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
17:39:21.0999 0x084c Avgldx64 - ok
17:39:22.0030 0x084c [ 29FCDEAC6086FB7E55344B51E35D99CE, 06408D79DF92B8A31DE0CA518BD93CA211D3192496CA3783762F289549F8F615 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
17:39:22.0046 0x084c Avgloga - ok
17:39:22.0061 0x084c [ 85053293DCDE19829E8691A9E9E8A6FF, 1F115376DCF888C0ED928D5E7150CC4602510FDA785DE76912D415366D8D7393 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
17:39:22.0061 0x084c Avgmfx64 - ok
17:39:22.0093 0x084c [ E191E443B0F7B05E784279A1C29B9D2A, 24B2B048C2CE5520A6B0E6702F55B5B65411E3E3D0857301E430EF2F9D7ECAFE ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
17:39:22.0093 0x084c Avgrkx64 - ok
17:39:22.0124 0x084c [ 69BD90E337625F96C718CACE7A9C9E29, 586948D6715ACB845D58BB5A73B8E5DA96A5415BC67D0508054F03D9A5C21768 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
17:39:22.0124 0x084c Avgtdia - ok
17:39:22.0155 0x084c [ D646FA5135A1CD795877AFE9D17FA9ED, 2F97FBCD7BD75727A77C17D75D2482AE819D5D2EB9760D96412F9C20AA7D9473 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
17:39:22.0155 0x084c avgwd - ok
17:39:22.0186 0x084c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:39:22.0186 0x084c AxInstSV - ok
17:39:22.0233 0x084c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:39:22.0249 0x084c b06bdrv - ok
17:39:22.0264 0x084c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:39:22.0280 0x084c b57nd60a - ok
17:39:22.0295 0x084c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
17:39:22.0295 0x084c BDESVC - ok
17:39:22.0311 0x084c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
17:39:22.0311 0x084c Beep - ok
17:39:22.0342 0x084c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
17:39:22.0373 0x084c BFE - ok
17:39:22.0420 0x084c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
17:39:22.0436 0x084c BITS - ok
17:39:22.0467 0x084c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:39:22.0467 0x084c blbdrive - ok
17:39:22.0498 0x084c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:39:22.0498 0x084c bowser - ok
17:39:22.0514 0x084c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:39:22.0514 0x084c BrFiltLo - ok
17:39:22.0529 0x084c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:39:22.0529 0x084c BrFiltUp - ok
17:39:22.0545 0x084c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
17:39:22.0561 0x084c Browser - ok
17:39:22.0576 0x084c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:39:22.0592 0x084c Brserid - ok
17:39:22.0592 0x084c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:39:22.0607 0x084c BrSerWdm - ok
17:39:22.0607 0x084c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:39:22.0607 0x084c BrUsbMdm - ok
17:39:22.0623 0x084c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:39:22.0623 0x084c BrUsbSer - ok
17:39:22.0623 0x084c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:39:22.0639 0x084c BTHMODEM - ok
17:39:22.0654 0x084c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
17:39:22.0654 0x084c bthserv - ok
17:39:22.0670 0x084c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:39:22.0685 0x084c cdfs - ok
17:39:22.0701 0x084c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:39:22.0701 0x084c cdrom - ok
17:39:22.0717 0x084c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
17:39:22.0717 0x084c CertPropSvc - ok
17:39:22.0717 0x084c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
17:39:22.0732 0x084c circlass - ok
17:39:22.0748 0x084c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
17:39:22.0763 0x084c CLFS - ok
17:39:22.0810 0x084c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:39:22.0810 0x084c clr_optimization_v2.0.50727_32 - ok
17:39:22.0841 0x084c [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:39:22.0841 0x084c clr_optimization_v2.0.50727_64 - ok
17:39:22.0919 0x084c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:39:22.0935 0x084c clr_optimization_v4.0.30319_32 - ok
17:39:22.0951 0x084c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:39:22.0966 0x084c clr_optimization_v4.0.30319_64 - ok
17:39:22.0982 0x084c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:39:22.0997 0x084c CmBatt - ok
17:39:23.0013 0x084c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:39:23.0013 0x084c cmdide - ok
17:39:23.0060 0x084c [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
17:39:23.0075 0x084c CNG - ok
17:39:23.0091 0x084c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:39:23.0091 0x084c Compbatt - ok
17:39:23.0122 0x084c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:39:23.0122 0x084c CompositeBus - ok
17:39:23.0122 0x084c COMSysApp - ok
17:39:23.0153 0x084c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:39:23.0153 0x084c crcdisk - ok
17:39:23.0200 0x084c [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:39:23.0200 0x084c CryptSvc - ok
17:39:23.0216 0x084c [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
17:39:23.0231 0x084c CSC - ok
17:39:23.0278 0x084c [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
17:39:23.0294 0x084c CscService - ok
17:39:23.0325 0x084c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:39:23.0341 0x084c DcomLaunch - ok
17:39:23.0372 0x084c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:39:23.0372 0x084c defragsvc - ok
17:39:23.0387 0x084c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:39:23.0403 0x084c DfsC - ok
17:39:23.0419 0x084c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:39:23.0434 0x084c Dhcp - ok
17:39:23.0450 0x084c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:39:23.0450 0x084c discache - ok
17:39:23.0465 0x084c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
17:39:23.0481 0x084c Disk - ok
17:39:23.0497 0x084c [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
17:39:23.0497 0x084c dmvsc - ok
17:39:23.0528 0x084c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:39:23.0528 0x084c Dnscache - ok
17:39:23.0559 0x084c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
17:39:23.0559 0x084c dot3svc - ok
17:39:23.0590 0x084c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
17:39:23.0590 0x084c DPS - ok
17:39:23.0621 0x084c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:39:23.0621 0x084c drmkaud - ok
17:39:23.0668 0x084c [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:39:23.0699 0x084c DXGKrnl - ok
17:39:23.0715 0x084c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:39:23.0715 0x084c EapHost - ok
17:39:23.0933 0x084c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:39:24.0011 0x084c ebdrv - ok
17:39:24.0043 0x084c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
17:39:24.0043 0x084c EFS - ok
17:39:24.0105 0x084c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:39:24.0121 0x084c ehRecvr - ok
17:39:24.0136 0x084c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:39:24.0136 0x084c ehSched - ok
17:39:24.0167 0x084c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:39:24.0183 0x084c elxstor - ok
17:39:24.0199 0x084c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:39:24.0199 0x084c ErrDev - ok
17:39:24.0230 0x084c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:39:24.0245 0x084c EventSystem - ok
17:39:24.0261 0x084c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:39:24.0261 0x084c exfat - ok
17:39:24.0277 0x084c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:39:24.0292 0x084c fastfat - ok
17:39:24.0323 0x084c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
17:39:24.0339 0x084c Fax - ok
17:39:24.0355 0x084c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:39:24.0355 0x084c fdc - ok
17:39:24.0386 0x084c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:39:24.0386 0x084c fdPHost - ok
17:39:24.0386 0x084c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:39:24.0386 0x084c FDResPub - ok
17:39:24.0401 0x084c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:39:24.0417 0x084c FileInfo - ok
17:39:24.0417 0x084c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:39:24.0417 0x084c Filetrace - ok
17:39:24.0433 0x084c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:39:24.0433 0x084c flpydisk - ok
17:39:24.0448 0x084c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:39:24.0464 0x084c FltMgr - ok
17:39:24.0511 0x084c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
17:39:24.0542 0x084c FontCache - ok
17:39:24.0589 0x084c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:39:24.0589 0x084c FontCache3.0.0.0 - ok
17:39:24.0604 0x084c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:39:24.0604 0x084c FsDepends - ok
17:39:24.0635 0x084c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:39:24.0635 0x084c Fs_Rec - ok
17:39:24.0651 0x084c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:39:24.0667 0x084c fvevol - ok
17:39:24.0682 0x084c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:39:24.0682 0x084c gagp30kx - ok
17:39:24.0713 0x084c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
17:39:24.0745 0x084c gpsvc - ok
17:39:24.0791 0x084c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:39:24.0791 0x084c gupdate - ok
17:39:24.0791 0x084c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:39:24.0791 0x084c gupdatem - ok
17:39:24.0807 0x084c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:39:24.0807 0x084c hcw85cir - ok
17:39:24.0823 0x084c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:39:24.0838 0x084c HdAudAddService - ok
17:39:24.0854 0x084c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:39:24.0869 0x084c HDAudBus - ok
17:39:24.0885 0x084c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:39:24.0885 0x084c HidBatt - ok
17:39:24.0885 0x084c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:39:24.0885 0x084c HidBth - ok
17:39:24.0901 0x084c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
17:39:24.0901 0x084c HidIr - ok
17:39:24.0916 0x084c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
17:39:24.0916 0x084c hidserv - ok
17:39:24.0947 0x084c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:39:24.0947 0x084c HidUsb - ok
17:39:24.0963 0x084c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:39:24.0963 0x084c hkmsvc - ok
17:39:24.0994 0x084c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:39:24.0994 0x084c HomeGroupListener - ok
17:39:25.0025 0x084c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:39:25.0025 0x084c HomeGroupProvider - ok
17:39:25.0041 0x084c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:39:25.0041 0x084c HpSAMD - ok
17:39:25.0088 0x084c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:39:25.0103 0x084c HTTP - ok
17:39:25.0135 0x084c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:39:25.0135 0x084c hwpolicy - ok
17:39:25.0150 0x084c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:39:25.0150 0x084c i8042prt - ok
17:39:25.0213 0x084c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:39:25.0213 0x084c iaStorV - ok
17:39:25.0259 0x084c [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:39:25.0291 0x084c idsvc - ok
17:39:25.0306 0x084c IEEtwCollectorService - ok
17:39:25.0322 0x084c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:39:25.0322 0x084c iirsp - ok
17:39:25.0369 0x084c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
17:39:25.0384 0x084c IKEEXT - ok
17:39:25.0415 0x084c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:39:25.0415 0x084c intelide - ok
17:39:25.0447 0x084c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
17:39:25.0447 0x084c intelppm - ok
17:39:25.0478 0x084c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:39:25.0478 0x084c IPBusEnum - ok
17:39:25.0478 0x084c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:39:25.0493 0x084c IpFilterDriver - ok
17:39:25.0525 0x084c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:39:25.0540 0x084c iphlpsvc - ok
17:39:25.0540 0x084c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:39:25.0556 0x084c IPMIDRV - ok
17:39:25.0556 0x084c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:39:25.0556 0x084c IPNAT - ok
17:39:25.0571 0x084c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:39:25.0571 0x084c IRENUM - ok
17:39:25.0587 0x084c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:39:25.0587 0x084c isapnp - ok
17:39:25.0618 0x084c [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:39:25.0634 0x084c iScsiPrt - ok
17:39:25.0634 0x084c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:39:25.0649 0x084c kbdclass - ok
17:39:25.0649 0x084c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:39:25.0649 0x084c kbdhid - ok
17:39:25.0665 0x084c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
17:39:25.0665 0x084c KeyIso - ok
17:39:25.0696 0x084c [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:39:25.0696 0x084c KSecDD - ok
17:39:25.0712 0x084c [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:39:25.0712 0x084c KSecPkg - ok
17:39:25.0727 0x084c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:39:25.0727 0x084c ksthunk - ok
17:39:25.0759 0x084c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:39:25.0774 0x084c KtmRm - ok
17:39:25.0790 0x084c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:39:25.0805 0x084c LanmanServer - ok
17:39:25.0837 0x084c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:39:25.0837 0x084c LanmanWorkstation - ok
17:39:25.0868 0x084c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:39:25.0868 0x084c lltdio - ok
17:39:25.0899 0x084c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:39:25.0915 0x084c lltdsvc - ok
17:39:25.0915 0x084c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:39:25.0930 0x084c lmhosts - ok
17:39:25.0946 0x084c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:39:25.0946 0x084c LSI_FC - ok
17:39:25.0961 0x084c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:39:25.0961 0x084c LSI_SAS - ok
17:39:25.0993 0x084c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:39:25.0993 0x084c LSI_SAS2 - ok
17:39:26.0008 0x084c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:39:26.0008 0x084c LSI_SCSI - ok
17:39:26.0039 0x084c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:39:26.0039 0x084c luafv - ok
17:39:26.0039 0x084c lxbf_device - ok
17:39:26.0055 0x084c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:39:26.0055 0x084c Mcx2Svc - ok
17:39:26.0071 0x084c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
17:39:26.0086 0x084c megasas - ok
17:39:26.0102 0x084c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:39:26.0117 0x084c MegaSR - ok
17:39:26.0133 0x084c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:39:26.0133 0x084c MMCSS - ok
17:39:26.0149 0x084c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:39:26.0149 0x084c Modem - ok
17:39:26.0180 0x084c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:39:26.0180 0x084c monitor - ok
17:39:26.0195 0x084c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:39:26.0211 0x084c mouclass - ok
17:39:26.0227 0x084c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:39:26.0227 0x084c mouhid - ok
17:39:26.0258 0x084c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:39:26.0258 0x084c mountmgr - ok
17:39:26.0305 0x084c [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:39:26.0305 0x084c MozillaMaintenance - ok
17:39:26.0320 0x084c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:39:26.0320 0x084c mpio - ok
17:39:26.0351 0x084c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:39:26.0351 0x084c mpsdrv - ok
17:39:26.0383 0x084c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:39:26.0398 0x084c MpsSvc - ok
17:39:26.0429 0x084c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:39:26.0445 0x084c MRxDAV - ok
17:39:26.0461 0x084c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:39:26.0476 0x084c mrxsmb - ok
17:39:26.0492 0x084c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:39:26.0492 0x084c mrxsmb10 - ok
17:39:26.0507 0x084c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:39:26.0507 0x084c mrxsmb20 - ok
17:39:26.0539 0x084c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:39:26.0539 0x084c msahci - ok
17:39:26.0601 0x084c [ A592A054D78750B4D73ABAA4C94DECDF, 40B135C9F9EE698EC78BD19BD18353AE2CF4D020DDB9CFC37CD2FDBF7602614A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
17:39:26.0617 0x084c MSCamSvc - ok
17:39:26.0648 0x084c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:39:26.0648 0x084c msdsm - ok
17:39:26.0679 0x084c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:39:26.0695 0x084c MSDTC - ok
17:39:26.0741 0x084c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:39:26.0741 0x084c Msfs - ok
17:39:26.0773 0x084c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:39:26.0773 0x084c mshidkmdf - ok
17:39:26.0773 0x084c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:39:26.0773 0x084c msisadrv - ok
17:39:26.0804 0x084c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:39:26.0819 0x084c MSiSCSI - ok
17:39:26.0819 0x084c msiserver - ok
17:39:26.0835 0x084c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:39:26.0835 0x084c MSKSSRV - ok
17:39:26.0851 0x084c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:39:26.0851 0x084c MSPCLOCK - ok
17:39:26.0866 0x084c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:39:26.0866 0x084c MSPQM - ok
17:39:26.0897 0x084c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:39:26.0913 0x084c MsRPC - ok
17:39:26.0929 0x084c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:39:26.0929 0x084c mssmbios - ok
17:39:26.0929 0x084c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:39:26.0929 0x084c MSTEE - ok
17:39:26.0944 0x084c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:39:26.0944 0x084c MTConfig - ok
17:39:26.0960 0x084c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:39:26.0960 0x084c Mup - ok
17:39:26.0991 0x084c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:39:27.0007 0x084c napagent - ok
17:39:27.0038 0x084c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:39:27.0038 0x084c NativeWifiP - ok
17:39:27.0085 0x084c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:39:27.0116 0x084c NDIS - ok
17:39:27.0131 0x084c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:39:27.0131 0x084c NdisCap - ok
17:39:27.0163 0x084c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:39:27.0163 0x084c NdisTapi - ok
17:39:27.0178 0x084c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:39:27.0178 0x084c Ndisuio - ok
17:39:27.0194 0x084c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:39:27.0209 0x084c NdisWan - ok
17:39:27.0225 0x084c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:39:27.0225 0x084c NDProxy - ok
17:39:27.0241 0x084c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:39:27.0241 0x084c NetBIOS - ok
17:39:27.0256 0x084c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:39:27.0272 0x084c NetBT - ok
17:39:27.0272 0x084c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
17:39:27.0287 0x084c Netlogon - ok
17:39:27.0319 0x084c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:39:27.0334 0x084c Netman - ok
17:39:27.0350 0x084c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:27.0365 0x084c NetMsmqActivator - ok
17:39:27.0365 0x084c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:27.0365 0x084c NetPipeActivator - ok
17:39:27.0397 0x084c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:39:27.0412 0x084c netprofm - ok
17:39:27.0412 0x084c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:27.0412 0x084c NetTcpActivator - ok
17:39:27.0428 0x084c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:27.0428 0x084c NetTcpPortSharing - ok
17:39:27.0443 0x084c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:39:27.0459 0x084c nfrd960 - ok
17:39:27.0475 0x084c [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:39:27.0475 0x084c NlaSvc - ok
17:39:27.0490 0x084c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:39:27.0490 0x084c Npfs - ok
17:39:27.0521 0x084c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:39:27.0521 0x084c nsi - ok
17:39:27.0537 0x084c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:39:27.0537 0x084c nsiproxy - ok
17:39:27.0615 0x084c [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:39:27.0646 0x084c Ntfs - ok
17:39:27.0662 0x084c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:39:27.0677 0x084c Null - ok
17:39:27.0709 0x084c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:39:27.0709 0x084c nvraid - ok
17:39:27.0724 0x084c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:39:27.0724 0x084c nvstor - ok
17:39:27.0755 0x084c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:39:27.0755 0x084c nv_agp - ok
17:39:27.0771 0x084c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:39:27.0771 0x084c ohci1394 - ok
17:39:27.0818 0x084c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:39:27.0818 0x084c p2pimsvc - ok
17:39:27.0849 0x084c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:39:27.0865 0x084c p2psvc - ok
17:39:27.0880 0x084c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
17:39:27.0880 0x084c Parport - ok
17:39:27.0911 0x084c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:39:27.0911 0x084c partmgr - ok
17:39:27.0927 0x084c [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
17:39:27.0943 0x084c PcaSvc - ok
17:39:27.0943 0x084c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:39:27.0958 0x084c pci - ok
17:39:27.0974 0x084c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:39:27.0974 0x084c pciide - ok
17:39:28.0005 0x084c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:39:28.0005 0x084c pcmcia - ok
17:39:28.0021 0x084c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:39:28.0021 0x084c pcw - ok
17:39:28.0052 0x084c [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:39:28.0067 0x084c PEAUTH - ok
17:39:28.0114 0x084c [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:39:28.0145 0x084c PeerDistSvc - ok
17:39:28.0208 0x084c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:39:28.0208 0x084c PerfHost - ok
17:39:28.0270 0x084c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:39:28.0301 0x084c pla - ok
17:39:28.0348 0x084c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:39:28.0364 0x084c PlugPlay - ok
17:39:28.0364 0x084c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:39:28.0379 0x084c PNRPAutoReg - ok
17:39:28.0379 0x084c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:39:28.0395 0x084c PNRPsvc - ok
17:39:28.0426 0x084c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:39:28.0442 0x084c PolicyAgent - ok
17:39:28.0473 0x084c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:39:28.0473 0x084c Power - ok
17:39:28.0489 0x084c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:39:28.0504 0x084c PptpMiniport - ok
17:39:28.0520 0x084c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
17:39:28.0520 0x084c Processor - ok
17:39:28.0551 0x084c [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
17:39:28.0551 0x084c ProfSvc - ok
17:39:28.0567 0x084c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:39:28.0567 0x084c ProtectedStorage - ok
17:39:28.0598 0x084c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:39:28.0598 0x084c Psched - ok
17:39:28.0613 0x084c [ DEFD557D9B8C0FA3CEA6CC576400114E, 5A969B652EE5F2DE10E936482B9A7D23B7C5F9B3DBC71AC660F004EFFF0CD229 ] pwdrvio C:\Windows\system32\pwdrvio.sys
17:39:28.0613 0x084c pwdrvio - ok
17:39:28.0660 0x084c [ A2EE3B70A9E05F651B888078726C2787, 66F90B23A041F8050510A4DE6612F6CB7F3F259DDDDC2FA1BE7D578300B92188 ] pwdspio C:\Windows\system32\pwdspio.sys
17:39:28.0660 0x084c pwdspio - ok
17:39:28.0754 0x084c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:39:28.0801 0x084c ql2300 - ok
17:39:28.0816 0x084c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:39:28.0832 0x084c ql40xx - ok
17:39:28.0847 0x084c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:39:28.0863 0x084c QWAVE - ok
17:39:28.0879 0x084c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:39:28.0879 0x084c QWAVEdrv - ok
17:39:28.0894 0x084c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:39:28.0894 0x084c RasAcd - ok
17:39:28.0925 0x084c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:39:28.0925 0x084c RasAgileVpn - ok
17:39:28.0941 0x084c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:39:28.0957 0x084c RasAuto - ok
17:39:28.0972 0x084c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:39:28.0972 0x084c Rasl2tp - ok
17:39:29.0003 0x084c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
17:39:29.0019 0x084c RasMan - ok
17:39:29.0035 0x084c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:39:29.0035 0x084c RasPppoe - ok
17:39:29.0050 0x084c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:39:29.0050 0x084c RasSstp - ok
17:39:29.0066 0x084c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:39:29.0081 0x084c rdbss - ok
17:39:29.0097 0x084c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:39:29.0097 0x084c rdpbus - ok
17:39:29.0097 0x084c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:39:29.0097 0x084c RDPCDD - ok
17:39:29.0128 0x084c [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:39:29.0128 0x084c RDPDR - ok
17:39:29.0159 0x084c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:39:29.0159 0x084c RDPENCDD - ok
17:39:29.0159 0x084c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:39:29.0159 0x084c RDPREFMP - ok
17:39:29.0206 0x084c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:39:29.0206 0x084c RdpVideoMiniport - ok
17:39:29.0222 0x084c [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:39:29.0222 0x084c RDPWD - ok
17:39:29.0253 0x084c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:39:29.0253 0x084c rdyboost - ok
17:39:29.0284 0x084c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:39:29.0284 0x084c RemoteAccess - ok
17:39:29.0300 0x084c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:39:29.0315 0x084c RemoteRegistry - ok
17:39:29.0315 0x084c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:39:29.0331 0x084c RpcEptMapper - ok
17:39:29.0331 0x084c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:39:29.0331 0x084c RpcLocator - ok
17:39:29.0362 0x084c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
17:39:29.0378 0x084c RpcSs - ok
17:39:29.0393 0x084c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:39:29.0409 0x084c rspndr - ok
17:39:29.0425 0x084c [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:39:29.0425 0x084c s3cap - ok
17:39:29.0425 0x084c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
17:39:29.0425 0x084c SamSs - ok
17:39:29.0440 0x084c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:39:29.0456 0x084c sbp2port - ok
17:39:29.0471 0x084c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:39:29.0471 0x084c SCardSvr - ok
17:39:29.0487 0x084c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:39:29.0487 0x084c scfilter - ok
17:39:29.0549 0x084c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
17:39:29.0581 0x084c Schedule - ok
17:39:29.0596 0x084c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:39:29.0612 0x084c SCPolicySvc - ok
17:39:29.0627 0x084c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:39:29.0627 0x084c SDRSVC - ok
17:39:29.0643 0x084c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:39:29.0643 0x084c secdrv - ok
17:39:29.0659 0x084c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
17:39:29.0659 0x084c seclogon - ok
17:39:29.0674 0x084c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
17:39:29.0674 0x084c SENS - ok
17:39:29.0690 0x084c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:39:29.0690 0x084c SensrSvc - ok
17:39:29.0705 0x084c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:39:29.0721 0x084c Serenum - ok
17:39:29.0721 0x084c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:39:29.0737 0x084c Serial - ok
17:39:29.0737 0x084c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:39:29.0752 0x084c sermouse - ok
17:39:29.0783 0x084c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
17:39:29.0783 0x084c SessionEnv - ok
17:39:29.0799 0x084c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:39:29.0799 0x084c sffdisk - ok
17:39:29.0799 0x084c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:39:29.0799 0x084c sffp_mmc - ok
17:39:29.0815 0x084c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:39:29.0815 0x084c sffp_sd - ok
17:39:29.0815 0x084c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:39:29.0815 0x084c sfloppy - ok
17:39:29.0846 0x084c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:39:29.0861 0x084c SharedAccess - ok
17:39:29.0877 0x084c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:39:29.0893 0x084c ShellHWDetection - ok
17:39:29.0908 0x084c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:39:29.0908 0x084c SiSRaid2 - ok
17:39:29.0939 0x084c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:39:29.0939 0x084c SiSRaid4 - ok
17:39:29.0986 0x084c [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:39:30.0002 0x084c SkypeUpdate - ok
17:39:30.0017 0x084c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:39:30.0017 0x084c Smb - ok
17:39:30.0049 0x084c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:39:30.0049 0x084c SNMPTRAP - ok
17:39:30.0064 0x084c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
17:39:30.0064 0x084c spldr - ok
17:39:30.0095 0x084c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
17:39:30.0111 0x084c Spooler - ok
17:39:30.0220 0x084c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
17:39:30.0314 0x084c sppsvc - ok
17:39:30.0345 0x084c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:39:30.0345 0x084c sppuinotify - ok
17:39:30.0376 0x084c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:39:30.0392 0x084c srv - ok
17:39:30.0407 0x084c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:39:30.0423 0x084c srv2 - ok
17:39:30.0439 0x084c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:39:30.0454 0x084c srvnet - ok
17:39:30.0470 0x084c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:39:30.0470 0x084c SSDPSRV - ok
17:39:30.0485 0x084c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:39:30.0501 0x084c SstpSvc - ok
17:39:30.0517 0x084c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:39:30.0517 0x084c stexstor - ok
17:39:30.0548 0x084c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
17:39:30.0563 0x084c stisvc - ok
17:39:30.0579 0x084c [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:39:30.0579 0x084c storflt - ok
17:39:30.0595 0x084c [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
17:39:30.0595 0x084c StorSvc - ok
17:39:30.0626 0x084c [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:39:30.0626 0x084c storvsc - ok
17:39:30.0641 0x084c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:39:30.0641 0x084c swenum - ok
17:39:30.0673 0x084c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
17:39:30.0688 0x084c swprv - ok
17:39:30.0751 0x084c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
17:39:30.0797 0x084c SysMain - ok
17:39:30.0829 0x084c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:39:30.0829 0x084c TabletInputService - ok
17:39:30.0844 0x084c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
17:39:30.0860 0x084c TapiSrv - ok
17:39:30.0875 0x084c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
17:39:30.0875 0x084c TBS - ok
17:39:31.0016 0x084c [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:39:31.0063 0x084c Tcpip - ok
17:39:31.0125 0x084c [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:39:31.0156 0x084c TCPIP6 - ok
17:39:31.0203 0x084c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:39:31.0203 0x084c tcpipreg - ok
17:39:31.0219 0x084c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:39:31.0219 0x084c TDPIPE - ok
17:39:31.0234 0x084c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:39:31.0234 0x084c TDTCP - ok
17:39:31.0265 0x084c [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:39:31.0265 0x084c tdx - ok
17:39:31.0281 0x084c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:39:31.0281 0x084c TermDD - ok
17:39:31.0328 0x084c [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
17:39:31.0343 0x084c TermService - ok
17:39:31.0359 0x084c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
17:39:31.0359 0x084c Themes - ok
17:39:31.0375 0x084c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
17:39:31.0375 0x084c THREADORDER - ok
17:39:31.0375 0x084c [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
17:39:31.0390 0x084c TPM - ok
17:39:31.0406 0x084c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
17:39:31.0406 0x084c TrkWks - ok
17:39:31.0437 0x084c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:39:31.0453 0x084c TrustedInstaller - ok
17:39:31.0468 0x084c [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:39:31.0468 0x084c tssecsrv - ok
17:39:31.0499 0x084c [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:39:31.0499 0x084c TsUsbFlt - ok
17:39:31.0515 0x084c [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:39:31.0515 0x084c TsUsbGD - ok
17:39:31.0546 0x084c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:39:31.0546 0x084c tunnel - ok
17:39:31.0562 0x084c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:39:31.0562 0x084c uagp35 - ok
17:39:31.0593 0x084c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:39:31.0609 0x084c udfs - ok
17:39:31.0624 0x084c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:39:31.0624 0x084c UI0Detect - ok
17:39:31.0640 0x084c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:39:31.0640 0x084c uliagpkx - ok
17:39:31.0655 0x084c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:39:31.0655 0x084c umbus - ok
17:39:31.0671 0x084c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
17:39:31.0671 0x084c UmPass - ok
17:39:31.0687 0x084c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:39:31.0687 0x084c UmRdpService - ok
17:39:31.0718 0x084c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
17:39:31.0718 0x084c upnphost - ok
17:39:31.0765 0x084c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:39:31.0780 0x084c usbaudio - ok
17:39:31.0811 0x084c [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:39:31.0827 0x084c usbccgp - ok
17:39:31.0858 0x084c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:39:31.0858 0x084c usbcir - ok
17:39:31.0889 0x084c [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:39:31.0889 0x084c usbehci - ok
17:39:31.0905 0x084c [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:39:31.0921 0x084c usbhub - ok
17:39:31.0936 0x084c [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:39:31.0936 0x084c usbohci - ok
17:39:31.0967 0x084c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:39:31.0967 0x084c usbprint - ok
17:39:31.0999 0x084c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:39:31.0999 0x084c usbscan - ok
17:39:32.0030 0x084c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:39:32.0030 0x084c USBSTOR - ok
17:39:32.0045 0x084c [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:39:32.0045 0x084c usbuhci - ok
17:39:32.0045 0x084c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:39:32.0061 0x084c UxSms - ok
17:39:32.0061 0x084c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
17:39:32.0061 0x084c VaultSvc - ok
17:39:32.0077 0x084c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:39:32.0077 0x084c vdrvroot - ok
17:39:32.0108 0x084c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
17:39:32.0123 0x084c vds - ok
17:39:32.0155 0x084c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:39:32.0155 0x084c vga - ok
17:39:32.0170 0x084c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:39:32.0170 0x084c VgaSave - ok
17:39:32.0186 0x084c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:39:32.0186 0x084c vhdmp - ok
17:39:32.0217 0x084c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:39:32.0217 0x084c viaide - ok
17:39:32.0233 0x084c [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:39:32.0233 0x084c vmbus - ok
17:39:32.0248 0x084c [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:39:32.0248 0x084c VMBusHID - ok
17:39:32.0264 0x084c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:39:32.0264 0x084c volmgr - ok
17:39:32.0295 0x084c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:39:32.0295 0x084c volmgrx - ok
17:39:32.0326 0x084c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:39:32.0326 0x084c volsnap - ok
17:39:32.0342 0x084c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:39:32.0357 0x084c vsmraid - ok
17:39:32.0420 0x084c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
17:39:32.0451 0x084c VSS - ok
17:39:32.0467 0x084c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:39:32.0467 0x084c vwifibus - ok
17:39:32.0545 0x084c [ C366AE91D2CC2C1C25380061D235C36B, FF641D2D913223069EEDCDC08286D91D40BEE5FC7471610DE76E98D8A32045A2 ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys
17:39:32.0607 0x084c VX3000 - ok
17:39:32.0638 0x084c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:39:32.0638 0x084c W32Time - ok
17:39:32.0669 0x084c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:39:32.0669 0x084c WacomPen - ok
17:39:32.0685 0x084c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:39:32.0685 0x084c WANARP - ok
17:39:32.0701 0x084c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:39:32.0701 0x084c Wanarpv6 - ok
17:39:32.0810 0x084c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:39:32.0872 0x084c WatAdminSvc - ok
17:39:32.0935 0x084c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
17:39:32.0966 0x084c wbengine - ok
17:39:32.0997 0x084c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:39:32.0997 0x084c WbioSrvc - ok
17:39:33.0028 0x084c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:39:33.0044 0x084c wcncsvc - ok
17:39:33.0059 0x084c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:39:33.0059 0x084c WcsPlugInService - ok
17:39:33.0075 0x084c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
17:39:33.0075 0x084c Wd - ok
17:39:33.0106 0x084c [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
17:39:33.0106 0x084c WDC_SAM - ok
17:39:33.0153 0x084c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:39:33.0169 0x084c Wdf01000 - ok
17:39:33.0184 0x084c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:39:33.0184 0x084c WdiServiceHost - ok
17:39:33.0200 0x084c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:39:33.0200 0x084c WdiSystemHost - ok
17:39:33.0231 0x084c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
17:39:33.0247 0x084c WebClient - ok
17:39:33.0278 0x084c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:39:33.0278 0x084c Wecsvc - ok
17:39:33.0293 0x084c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:39:33.0309 0x084c wercplsupport - ok
17:39:33.0325 0x084c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:39:33.0325 0x084c WerSvc - ok
17:39:33.0340 0x084c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:39:33.0340 0x084c WfpLwf - ok
17:39:33.0356 0x084c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:39:33.0356 0x084c WIMMount - ok
17:39:33.0371 0x084c WinDefend - ok
17:39:33.0387 0x084c WinHttpAutoProxySvc - ok
17:39:33.0418 0x084c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:39:33.0434 0x084c Winmgmt - ok
17:39:33.0512 0x084c [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
17:39:33.0574 0x084c WinRM - ok
17:39:33.0605 0x084c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:39:33.0605 0x084c WinUsb - ok
17:39:33.0652 0x084c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:39:33.0668 0x084c Wlansvc - ok
17:39:33.0699 0x084c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:39:33.0699 0x084c WmiAcpi - ok
17:39:33.0715 0x084c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:39:33.0730 0x084c wmiApSrv - ok
17:39:33.0746 0x084c WMPNetworkSvc - ok
17:39:33.0746 0x084c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:39:33.0746 0x084c WPCSvc - ok
17:39:33.0777 0x084c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:39:33.0777 0x084c WPDBusEnum - ok
17:39:33.0793 0x084c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:39:33.0793 0x084c ws2ifsl - ok
17:39:33.0808 0x084c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
17:39:33.0808 0x084c wscsvc - ok
17:39:33.0824 0x084c WSearch - ok
17:39:33.0917 0x084c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
17:39:33.0980 0x084c wuauserv - ok
17:39:34.0011 0x084c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:39:34.0011 0x084c WudfPf - ok
17:39:34.0027 0x084c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:39:34.0042 0x084c WUDFRd - ok
17:39:34.0058 0x084c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:39:34.0058 0x084c wudfsvc - ok
17:39:34.0073 0x084c [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:39:34.0089 0x084c WwanSvc - ok
17:39:34.0089 0x084c ================ Scan global ===============================
17:39:34.0120 0x084c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:39:34.0151 0x084c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:39:34.0167 0x084c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:39:34.0198 0x084c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:39:34.0229 0x084c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:39:34.0245 0x084c [ Global ] - ok
17:39:34.0245 0x084c ================ Scan MBR ==================================
17:39:34.0245 0x084c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:39:34.0463 0x084c \Device\Harddisk0\DR0 - ok
17:39:34.0463 0x084c ================ Scan VBR ==================================
17:39:34.0479 0x084c [ FDCDE60432E2309D6D95190A07209E20 ] \Device\Harddisk0\DR0\Partition1
17:39:34.0495 0x084c \Device\Harddisk0\DR0\Partition1 - ok
17:39:34.0495 0x084c Waiting for KSN requests completion. In queue: 327
17:39:35.0509 0x084c Waiting for KSN requests completion. In queue: 327
17:39:36.0523 0x084c Waiting for KSN requests completion. In queue: 327
17:39:37.0537 0x084c Waiting for KSN requests completion. In queue: 15
17:39:38.0582 0x084c AV detected via SS2: AVG AntiVirus Free Edition 2013, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x42000 ( disabled : updated )
17:39:38.0597 0x084c Win FW state via NFP2: enabled
17:39:41.0515 0x084c ============================================================
17:39:41.0515 0x084c Scan finished
17:39:41.0515 0x084c ============================================================
17:39:41.0546 0x088c Detected object count: 0
17:39:41.0546 0x088c Actual detected object count: 0
17:40:06.0537 0x0b5c Deinitialize success

D: No threats found

E: Same as before.
antijkc
Active Member
 
Posts: 9
Joined: January 6th, 2014, 12:46 am

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 8th, 2014, 1:55 am

Hello antijkc,

B: Not a browser, just a window that doesn't identify itself unless I right click on the launch bar icon where the application is called PC Tune-Up, but I had uninstalled that as it seemed to be causing problems.
Thank you! Please do the following:

CCleaner Image
Please download CCleaner ... © Piriform Ltd. and save it to your desktop.
CCleaner documentation can be found here...if needed.

To Install CCleaner:
Caution: Make sure to UNCHECK any other software install offers, before installing CCleaner.
  1. Right-click on ccsetup409.exe icon on your desktop and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the "Next" button on Welcome to the CCleaner v4.09 Setup screen after selecting a language.
  3. Click "I Agree"...(License Agreement) if prompted.
  4. Click "Next" for default install location if prompted.
    The default is set to C:\Program Files\CCleaner. Unless you want it installed elsewhere, just leave it.
  5. Check the "Install Options" you want or leave existed marks.
  6. Click "Install".
  7. Uncheck View Release notes and click "Finish" when prompted.

To Run CCleaner:
  1. Right-click on CCleaner desktop icon and select "Run As Administrator..." to run it. If prompted by UAC, please allow it..
  2. Select and click Tools on the left Pane.
  3. Select and click Startup.
  4. Select and click Save to text file... button on the right bottom corner and safe startup.txt on your Desktop.
  5. Close CCleaner when finished.
  6. Locate the startup.txt file, open it by Notepad, copy the contents of that file, and post it in your next reply

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the startup.txt file
  3. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Respawning, Multiple Infection

Unread postby antijkc » January 8th, 2014, 10:43 am

A; No problems

B: Yes HKCU:Run cdloader magicJack L.P. "C:\Users\Sharon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
Yes HKLM:Run LifeCam Microsoft Corporation "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
Yes HKLM:Run NUSB3MON Renesas Electronics Corporation "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes HKLM:Run SoundMAXPnP Analog Devices, Inc. C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
Yes HKLM:Run Total Defense PC Tuneup Reminder PC Pitstop LLC C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe
No HKLM:Run VX3000 Microsoft Corporation C:\Windows\vVX3000.exe
Yes Startup Common Microsoft Office.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

C: Nope
antijkc
Active Member
 
Posts: 9
Joined: January 6th, 2014, 12:46 am

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 8th, 2014, 11:45 am

Hello antijkc,

Very good! Then one more step with same tool.

To Run CCleaner:
You should still have CCleaner icon on your desktop.
  1. Right-click on CCleaner desktop icon and select "Run As Administrator..." to run it. If prompted by UAC, please allow it..
  2. Select and click Tools on the left Pane - it will open Uninstall window.
  3. Select and click Save to text file... button on the right bottom corner and safe install.txt on your Desktop.
  4. Close CCleaner when finished.
  5. Locate the install.txt file, open it by Notepad, copy the contents of that file, and post it in your next reply

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the install.txt file
  3. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Respawning, Multiple Infection

Unread postby antijkc » January 8th, 2014, 11:59 am

A: No problems

B: Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10/12/2013 6.00 MB 11.9.900.170
Adobe Reader XI (11.0.05) Adobe Systems Incorporated 09/10/2013 126 MB 11.0.05
AVG 2013 AVG Technologies 10/12/2013 2013.0.3462
Bullzip PDF Printer 9.3.0.1516 Bullzip 28/12/2012 10.8 MB 9.3.0.1516
CCleaner Piriform 08/01/2014 4.09
Coby Media Manager Coby 30/12/2012 199 MB 1.0.4717
ESET Online Scanner v3 05/01/2014
GIMP 2.8.10 The GIMP Team 29/12/2013 267 MB 2.8.10
Google Chrome Google, Inc. 24/11/2013 35.2 MB 65.156.32827
HP Deskjet 1050 J410 series Basic Device Software Hewlett-Packard Co. 17/03/2013 94.9 MB 22.50.231.0
HP Deskjet 1050 J410 series Help Hewlett Packard 17/03/2013 7.19 MB 140.0.66.66
HP Deskjet 1050 J410 series Product Improvement Study Hewlett-Packard Co. 17/03/2013 7.00 MB 22.50.231.0
HP Photo Creations HP Photo Creations Powered by RocketLife 17/03/2013 14.6 MB 1.0.0.3781
HP Update Hewlett-Packard 17/03/2013 2.97 MB 5.002.006.003
Java 7 Update 45 Oracle 20/10/2013 120 MB 7.0.450
Java 7 Update 45 (64-bit) Oracle 20/10/2013 118 MB 7.0.450
Lexmark X6100 Series Lexmark International, Inc. 28/12/2012
LibreOffice 3.6 The Document Foundation 28/12/2012 376 MB 3.6.4.3
magicJack magicJack L.P. 01/01/2013 2.0.6073.4413
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 04/01/2014 19.2 MB 1.75.0.1300
Microsoft .NET Framework 4.5.1 Microsoft Corporation 29/12/2013 38.8 MB 4.5.50938
Microsoft LifeCam Microsoft Corporation 28/12/2012 60.0 MB 3.22.270.0
Microsoft Office XP Professional with FrontPage Microsoft Corporation 07/01/2013 174 MB 10.0.2627.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28/12/2012 11.1 MB 10.0.40219
MiniTool Partition Wizard Home Edition 7.6.1 MiniTool Solution Ltd. 30/12/2012 46.2 MB
Mozilla Firefox 26.0 (x86 en-US) Mozilla 21/12/2013 50.5 MB 26.0
Mozilla Maintenance Service Mozilla 21/12/2013 338 KB 26.0
Mozilla Thunderbird 24.1.0 (x86 en-US) Mozilla 24/11/2013 48.0 MB 24.1.0
PhotoScape 07/01/2013
Print Workshop 2008 LE Valusoft 11/01/2013 644 MB 1.0.0
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 08/03/2013 1.26 MB 2.1.28.1
Skype™ 6.11 Skype Technologies S.A. 27/11/2013 27.3 MB 6.11.102
SoundMAX Analog Devices 18/09/2012 6.10.2.7255
The Kakuro Code 07/01/2013
Visual Studio 2010 x64 Redistributables AVG Technologies 28/12/2012 12.4 MB 13.0.0.1
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (07/03/2012 8.970.100.3000) Advanced Micro Devices, Inc. 30/12/2012 07/03/2012 8.970.100.3000
WordPerfect Office 11 Corel Corporation 07/01/2013 282 MB 11.0

C: No change, same
antijkc
Active Member
 
Posts: 9
Joined: January 6th, 2014, 12:46 am

Re: Respawning, Multiple Infection

Unread postby pgmigg » January 8th, 2014, 12:23 pm

Hello antijkc,

Step 1.
To Run CCleaner:
You should still have CCleaner icon on your desktop.
  1. Right-click on CCleaner desktop icon and select "Run As Administrator..." to run it. If prompted by UAC, please allow it...
  2. Select and click Tools on the left Pane.
  3. Select and click Startup.
  4. Please locate line
    Yes HKLM:Run Total Defense PC Tuneup Reminder PC Pitstop LLC C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe
    and make a right click on it. Then select Disable at the pop up menu (first position). As a result of that action, the Yes in the first column should be changed to No.
  5. Select and click Save to text file... button on the right bottom corner and safe startup2.txt on your Desktop.
  6. Close CCleaner when finished.
  7. Locate the startup2..txt file, open it by Notepad, copy the contents of that file, and post it in your next reply.
  8. Reboot your computer. <- Important!

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    O4 - HKLM..\Run: [Total Defense PC Tuneup Reminder] C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe (PC Pitstop LLC)
    
    :Files
    C:\Program Files (x86)\Total Defense
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the startup2..txt file
  3. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 286 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware